Role Overview
We are seeking an experienced professional with strong expertise in Sonatype Nexus IQ, DevSecOps practices, and FOSS security management. The ideal candidate will have hands-on experience in integrating security into the SDLC, managing open-source risks, and implementing enterprise-grade security compliance practices.
Key Responsibilities
1. Sonatype Nexus IQ
Manage and implement Sonatype Nexus IQ Lifecycle in large-scale enterprise environments.
Configure and maintain Sonatype IQ Server for automated security and compliance management.
Create and maintain custom security policy configurations aligned with organizational standards.
2. DevSecOps
Implement DevSecOps practices and integrate security into CI/CD pipelines using Jenkins, GitLab, or GitHub.
Manage Sonatype IQ integration within CI/CD pipelines for automated security and compliance checks.
Drive security adoption within the Software Development Life Cycle (SDLC) using DevSecOps methodologies.
3. FOSS (Free and Open Source Software) Security
Define and enforce enterprise FOSS usage policies.
Use open-source scanning tools (e.g., Snyk, Black Duck, Dependency-Track, CrowdStrike) to identify vulnerabilities and risks.
Analyze and remediate vulnerabilities, license risks, and policy violations in open-source dependencies.
Monitor and report FOSS risk metrics, providing actionable insights to leadership.
4. Tools & Technologies
Proficiency in Software Composition Analysis (SCA) tools and dependency management solutions (Maven, npm, pip, etc.).
Strong knowledge of the OWASP Top 10, the CVE vulnerability identification system, and the MITRE ATT&CK framework as they relate to open-source risk.
Hands-on experience with container security (Docker, Kubernetes) and SBOM generation.
5. Soft Skills
Strong stakeholder management and the ability to influence and collaborate across global teams.
Excellent communication and interpersonal skills.
Proactive with strong analytical and problem-solving capabilities.
Qualifications & Experience
7+ years of experience in Cybersecurity or a related domain.
Bachelor’s or Master’s degree in Computer Science, Engineering, or related field.
Availability:
Immediate to 15 days preferred.
Notice period up to 30 days acceptable.
Flexibility to work in UK hours is required.
Good to Have
Expertise with additional OSS scanning tools (Snyk, Black Duck, Dependency-Track, CrowdStrike).
Scripting experience in Bash, Python, or Groovy for automation and tool customization.
Industry-recognized cybersecurity certifications such as CISSP, CRISC, CISM, OSCP, or Cloud Security certifications.
Background in software security and secure development practices.