What are the responsibilities and job description for the DevSecOps Lead/Architect (with Supply Chain and SBOM) position at Jobs via Dice?
Our client, Rivago infotech inc, is seeking the following.
Role Summary
Assess software supply chain security, SDLC maturity, SBOM governance, CI/CD pipeline controls, secrets management, logging/auditability, and vulnerability management to support lifecycle security evaluation and compliance traceability.
Key Responsibilities
- Review SDLC processes, tooling, and secure development practices
- Assess software supply chain security, including SCA, SBOM accuracy/completeness, dependency governance, and third-party risk
- Evaluate CI/CD pipeline security, artifact integrity, and secure release controls
- Review secrets management across development, build, deployment, and operational environments
- Assess logging, auditability, and security event traceability controls
- Evaluate vulnerability management, remediation tracking, and patch governance processes
- Support lifecycle security assessment, compliance evidence mapping, and traceability
- Contribute to assessment reporting, remediation guidance, and release governance reviews
Mandatory:
- Strong understanding of DevSecOps and secure software delivery practices
- Experience with SBOM frameworks (CycloneDX, SPDX) and SCA tooling
- Familiarity with CI/CD security controls and artifact integrity validation
- Experience with vulnerability management and dependency governance programs
- Understanding of lifecycle security, auditability, and compliance evidence requirements
- Experience with secrets management and secure release governance
- Experience participating in CRA or regulated product security, or compliance-driven cybersecurity assessments
- Experience participating in engagements related to export-controlled environments
- Strong documentation skills
- Kubernetes / Cloud Security certifications preferred
- DevSecOps or secure software supply chain experience preferred
- Familiarity with SLSA or modern software supply chain security practices
- Clearance / Compliance Requirements
- 7-10 years setting up, maintaining, and validating controls for secure CI/CD pipelines across different types of tech stacks
- 2 years of experience with SBOM analysis