Bangalore, IND
15 hours ago
Senior Architect - DevSecOps
At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That’s why we need smart, committed people to join us. Whether you’re looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain. We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways. Are you curious about being part of our growth stor​y while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation. **ABOUT THIS OPPORTUNITY.... (Bengaluru, India, Hybrid)** **_The Opportunity:_** **_We are seeking an exceptionally talented and seasoned DevSecOps Leader with over 15 years of progressive experience to champion and drive our DevSecOps initiatives across all product lines. This is a critical leadership role that will be instrumental in integrating security seamlessly into every phase of our software development lifecycle, fostering a security-conscious culture, and building robust, scalable, and secure product delivery pipelines._** **_You will lead a team of dedicated security and DevOps engineers, working closely with engineering leadership, product management, and other stakeholders to ensure that security is an inherent part of our product development, from design to deployment and operations._** **_Key Responsibilities:_** + **_Strategic Leadership:_** **_Define, develop, and execute the DevSecOps strategy and roadmap, aligning it with the company's overall product and security objectives._** + **_Architecture & Design:_** **_Lead the design and implementation of secure CI/CD pipelines, automated security testing (SAST, DAST, SCA, IAST), and infrastructure as code (IaC) with security best practices embedded._** + **_Tooling & Automation:_** **_Evaluate, select, and implement DevSecOps tools and technologies to enhance security posture, efficiency, and automation. Drive the adoption of these tools across engineering teams._** + **_Security by Design:_** **_Promote and enforce "security by design" principles throughout the software development lifecycle, ensuring security considerations are integrated from the initial stages of product conceptualization._** + **_Threat Modeling & Risk Management:_** **_Lead threat modeling exercises and risk assessments for new and existing products, identifying vulnerabilities and implementing mitigation strategies._** + **_Vulnerability Management:_** **_Establish and mature a robust vulnerability management program, including continuous monitoring, remediation, and reporting._** + **_Compliance & Governance:_** **_Ensure adherence to relevant industry security standards, regulations, and internal policies. Support compliance audits and certifications._** + **_Cultural Transformation:_** **_Foster a strong security-first culture within engineering and product teams through training, awareness programs, and continuous collaboration. Evangelize DevSecOps principles and practices._** + **_Team Leadership & Mentorship:_** **_Build, mentor, and lead high-performing DevSecOps teams. Provide technical guidance, career development opportunities, and performance management._** + **_Incident Response:_** **_Collaborate with the security operations team on incident response planning and participate in investigations related to product security._** + **_Cross-functional Collaboration:_** **_Work closely with Engineering VPs, Directors, Architects, Product Managers, and other stakeholders to integrate security seamlessly into product roadmaps and releases._** + **_Performance Metrics:_** **_Define and track key performance indicators (KPIs) for DevSecOps maturity, security posture, and remediation efforts._** **_Required Skills and Experience:_** + **_15+ years of extensive experience_** **_in software development, DevOps, and Information Security, with a significant focus on building and leading DevSecOps initiatives in a product-centric environment._** + **_Proven experience leading DevSecOps transformations_** **_in organizations with large-scale product deployments and distributed teams (especially across India)._** + **_Deep expertise in cloud security principles_** **_and experience with at least one major cloud provider (AWS, Azure, or GCP)._** + **_Strong understanding of secure coding practices_** **_, application security vulnerabilities (OWASP Top 10), and common attack vectors._** + **_Hands-on experience with DevSecOps tools and technologies_** **_, including but not limited to:_** + **_CI/CD platforms (e.g., Jenkins, GitLab CI/CD, Azure DevOps, CircleCI)_** + **_Static Application Security Testing (SAST) tools (e.g., SonarQube, Checkmarx, Fortify)_** + **_Dynamic Application Security Testing (DAST) tools (e.g., OWASP ZAP, Burp Suite, Tenable.io)_** + **_Software Composition Analysis (SCA) tools (e.g., Snyk, Mend, Nexus Lifecycle)_** + **_Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible, CloudFormation)_** + **_Container security tools (e.g., Clair, Trivy, Aqua Security, Twistlock/Palo Alto Networks Prisma Cloud)_** + **_Security Information and Event Management (SIEM) tools (e.g., Splunk, ELK Stack, Sumo Logic)_** + **_Proficiency in at least one scripting language_** **_(e.g., Python, Go, Bash)._** + **_Solid understanding of microservices architecture_** **_, APIs, and containerization technologies (Docker, Kubernetes)._** + **_Excellent leadership, communication, and interpersonal skills_** **_with the ability to influence and collaborate effectively at all levels of the organization._** + **_Strong problem-solving abilities_** **_and a pragmatic approach to security challenges._** + **_Bachelor's or Master's degree_** **_in Computer Science, Information Security, or a related field._** + **_Relevant industry certifications_** **_(e.g., CISSP, CISM, CSSLP, GCSA, CCSP) are a plus._** Category: Information Technology Iron Mountain is a global leader in storage and information management services trusted by more than 225,000 organizations in 60 countries. We safeguard billions of our customers’ assets, including critical business information, highly sensitive data, and invaluable cultural and historic artifacts. Take a look at our history here. Iron Mountain helps lower cost and risk, comply with regulations, recover from disaster, and enable digital and sustainable solutions, whether in information management, digital transformation, secure storage and destruction, data center operations, cloud services, or art storage and logistics. Please see our Values and Code of Ethics for a look at our principles and aspirations in elevating the power of our work together. If you have a physical or mental disability that requires special accommodations, please let us know by sending an email to accommodationrequest@ironmountain.com. See the Supplement to learn more about Equal Employment Opportunity. Iron Mountain is committed to a policy of equal employment opportunity. We recruit and hire applicants without regard to race, color, religion, sex (including pregnancy), national origin, disability, age, sexual orientation, veteran status, genetic information, gender identity, gender expression, or any other factor prohibited by law. To view the Equal Employment Opportunity is the Law posters and the supplement, as well as the Pay Transparency Policy Statement, CLICK HERE **Requisition:** J0090224
Por favor confirme su dirección de correo electrónico: Send Email