What are the responsibilities and job description for the DevSecOps/Vulnerability Management Lead position at Open Systems Technologies?
A financial firm is looking for a DevSecOps/Vulnerability Management Lead to join their team in Iselin, NJ.
Compensation: $150-170k
US Citizens/GC Holders Only - No visa sponsorship
Candidates must be local - No relocation
Keys For Role
Compensation: $150-170k
US Citizens/GC Holders Only - No visa sponsorship
Candidates must be local - No relocation
Keys For Role
- Needs to currently be working in a vulnerability management area
- Strong DevSecOps experience
- Python and finance experience
- SAST/DAST/SCA knowledge
- Strong documentation skills
- Establish and manage a comprehensive vulnerability management program, including:
- Integration of scanning tools across source code, dependencies, containers, and infrastructure.
- Continuous discovery, prioritization, and tracking of vulnerabilities.
- Coordinating with development and infrastructure teams for timely remediation.
- Root cause analysis and reporting on trends and recurring issues.
- Lead the design and implementation of secure, automated CI/CD pipelines.
- Define and drive DevSecOps strategy in alignment with business goals and compliance standards.
- Embed security controls and tooling (SAST, DAST, SCA, IaC scanning, etc.) into the software development lifecycle.
- Collaborate closely with engineering, platform, and security teams to ensure scalable security architecture.
- Automate security testing and compliance checks within CI/CD workflows.
- Evaluate and implement security tools and platforms that support proactive risk management.
- Drive secure configuration management and enforcement through IaC and policy-as-code.
- Maintain awareness of emerging threats, vulnerabilities, and regulatory changes.
- Support internal and external audits, ensuring alignment with compliance frameworks (e.g., ISO 27001, SOC 2, GDPR).
- Provide technical mentoring and guidance on secure coding, cloud security, and DevSecOps best practices.
- 5 years of hands-on experience in DevOps, Security Engineering, or DevSecOps.
- Strong experience designing and managing vulnerability management workflows, ideally across multi-cloud and containerized environments.
- Familiarity with vulnerability scanning tools and platforms (e.g., Snyk, Tenable, Qualys, Trivy, Clair, etc.).
- Proficient in implementing CI/CD pipelines with tools such as GitLab CI, GitHub Actions, Jenkins, CircleCI.
- Deep understanding of cloud platforms (AWS, Azure, or GCP) and cloud-native security controls.
- Expertise in scripting (e.g., Python, Bash) and infrastructure-as-code (Terraform, Ansible).
- In-depth knowledge of application and infrastructure security, secure SDLC, and DevSecOps tooling.
- Strong knowledge of compliance and security frameworks: OWASP, NIST, CIS Benchmarks, ISO 27001.
- Excellent communication skills and ability to work across technical and non-technical stakeholders.
- Proven ability to lead cross-functional security initiatives and mentor engineers.
Salary : $150,000 - $170,000