Overview
The CI/CD Security Architect / DevSecOps Lead will be responsible for strengthening software supply chain security and risk management over a 5-week engagement. Working closely with stakeholders, the role holder will assess current practices, recommend improvements, and implement a secure and scalable solution for CI/CD pipelines that meets banking security standards.
Responsibilities
- Conduct stakeholder interviews to gather requirements and understand current processes.
- Review existing software supply chain risk management practices.
- Assess on-prem, cloud, and SaaS hosting options for the security tooling.
- Design and recommend a secure, scalable solution.
- Select appropriate tools for security integration in CI/CD.
- Build and implement the chosen security solution.
- Integrate security controls into CI/CD pipelines.
- Lead testing, UAT, and deployment into production.
Requirements
- Strong experience in software supply chain security.
- Expertise with Software Composition Analysis (SCA) tools such as Sonatype IQ.
- Knowledge of Software Bill of Materials (SBOM) and dependency risk management.
- Experience embedding security gates into CI/CD pipelines.
- Familiarity with artifact governance and secure development practices.
- Hands-on experience with CI/CD tools such as GitHub Actions, GitLab CI, and Jenkins.
- Strong understanding of repository design and versioning strategies.