Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
S&P Global

DevSecOps Architect – Artifact Management, Software Supply Chain Security

S&P Global

DevSecOps Architect focusing on securing enterprise artifact and dependency management platforms. Involves application security, cloud security, and governance across CI/CD pipelines and environments.

Posted 5/26/2026full-timeNew Jersey, New York • 🇺🇸 United StatesMid-LevelSenior💰 $125,000 - $165,000 per yearWebsite

Tech Stack

Tools & technologies
AWSAzureCloudCyber SecurityGoogle Cloud PlatformGroovyJenkinsPythonSDLCTerraform

About the role

Key responsibilities & impact
  • Design, deploy, and operate enterprise artifact repository platforms supporting cloud and hybrid environments.
  • Define and enforce package curation, promotion, and trust models aligned with application security and compliance requirements.
  • Implement and govern waiver and approval workflows for dependency and artifact usage, ensuring risk-based decision‑making.
  • Partner with AppSec, platform, and engineering teams to standardize secure dependency and artifact consumption patterns.
  • Define and maintain repository architectures supporting multiple environments, teams, and trust boundaries.
  • Enforce policies ensuring artifact immutability, provenance, versioning, and trusted sourcing.
  • Integrate artifact repositories into CI/CD pipelines built on GitHub, Jenkins, and Azure DevOps.
  • Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
  • Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
  • Implement safeguards against AI-specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
  • Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
  • Collaborate with engineering teams to establish secure-by-design AI application architectures.
  • Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
  • Secure AI-related secrets, tokens, and API access used in pipelines and applications.
  • Monitor and respond to security risks introduced by AI/ML components, including third-party models and APIs.
  • Contribute to AI risk governance, auditability, and traceability across the SDLC.
  • Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
  • Align artifact and dependency controls with cloud security best practices for deployed applications.
  • Monitor usage, risk posture, and effectiveness of artifact controls and drive continuous improvement.
  • Develop automation and policy‑as‑code for artifact lifecycle management, approvals, and governance.
  • Support security incident investigations related to software supply chain integrity or dependency risk.
  • Create documentation, standards, and enablement materials for secure developer adoption.

Requirements

What you’ll need
  • Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.
  • 3–6 years of experience in DevSecOps, platform security, or software supply chain security.
  • Strong hands-on experience with JFrog Artifactory, including deployment and enterprise architecture.
  • Experience designing package curation and promotion models.
  • Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
  • Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
  • Experience integrating AI or ML components into applications or pipelines (preferred hands-on exposure).
  • Familiarity with Responsible AI principles and AI governance frameworks.
  • Experience implementing waiver and approval workflows for dependencies and artifacts.
  • Strong understanding of application security principles and dependency risk management.
  • Hands-on experience integrating repositories with GitHub, Jenkins, and Azure DevOps pipelines.
  • Experience working in cloud environments (Azure preferred; AWS/GCP acceptable).
  • Proficiency with automation and scripting (Python, Groovy, Terraform, etc.).
  • Knowledge of modern SDLC and DevSecOps operating models.

Benefits

Comp & perks
  • Health & Wellness: Health care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off helps keep you energized for your time on.
  • Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
  • Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
  • Family Friendly Perks: It’s not just about you. S&P Global has perks for your partners and little ones, too, with some best-in-class benefits for families.
  • Beyond the Basics: From retail discounts to referral incentive awards—small perks can make a big difference.

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
DevSecOpsplatform securitysoftware supply chain securitypackage curationAI/MLGenerative AIapplication securitydependency risk managementautomationscripting