DevSecOps Technical Lead at BETSoftware

Skill Set

Technical Skills

• Application Security & DevSecOps expertise 
• CI/CD pipeline management and automation 
• Vulnerability assessment and remediation 
• Secure coding practices and code review 
• Cloud, container, and API security knowledge 
• Security testing tools (SAST, DAST, SCA, penetration testing) 
• Programming/scripting proficiency (e.g., Python, Java, or similar) 
• Threat modeling and risk assessment 

Leadership & Management Skills

• Team leadership and mentoring 
• Workflow and process development 
• Incident management and escalation 
• Strategic decision-making in security contexts 
• Project and time management 
• Stakeholder management and cross-functional collaboration 

Communication Skills

• Clear, concise reporting to technical and non-technical audiences 
• Presenting security risks and remediation guidance 
• Influencing and negotiating with engineering and management teams 
• Facilitating knowledge transfer and training sessions 

Analytical & Problem-Solving Skills

• Critical thinking and root cause analysis 
• Risk assessment and prioritization 
• Research and evaluation of emerging threats and security tools 

Professional Tools & Software Skills

• Microsoft Office (Word, Excel, PowerPoint, Teams) 
• Security tools: SAST, DAST, SCA, API scanners, penetration testing frameworks 
• CI/CD tools: Jenkins, GitLab, GitHub Actions, or equivalent 
• Cloud platforms (AWS, Azure, GCP) and container tools (Docker, Kubernetes)

Responsibilities
Technical Output

• Lead the design and execution of secure SDLC practices across application development and delivery
• Own application security testing and validation activities, including: Static, dynamic, dependency, and API security testing (including penetration tests and vulnerability assessments) / Manual validation of high-risk findings
• Embed security controls and testing into CI/CD pipelines in a scalable and developer-friendly manner
• Define and enforce secure coding standards, security patterns, and delivery guardrails
• Perform and oversee threat modeling and secure design reviews for applications and services
• Serve as the senior technical escalation point for complex or high-severity security issues
• Architect and maintain security automation for: Vulnerability detection and prioritization / Secrets management and secure configuration / Software supply chain protection
• Partner with InfoSec, engineering, platform, and infrastructure teams to ensure security requirements are implemented end-to-end
• Continuously assess emerging threats, tools, and techniques, recommending improvements to security capabilities
• Define and track AppSec and DevSecOps KPIs, such as: Risk reduction over time / Vulnerability remediation SLAs /Security testing coverage / Pipeline adoption and developer engagement
• Generate and present reports of findings, remediations and mitigations to security stakeholders and management
• Provide guidance and conduct investigations into security incidents
• Product research and conduct proof of concepts to test viability of new product offerings that secure and enhance our security stature

Leadership and Professional Competencies

• Develop, lead and mentor a team of DevSecOps / Application Security engineers
• Establish clear workflows, playbooks, and escalation paths for a tiered security function
• Communicate security risks and remediation guidance clearly to DevOps, engineers and management
• Influence engineering teams through collaboration, credibility, and pragmatic security guidance
• Balance risk reduction with delivery speed, enabling secure innovation in line with business requirements
• Foster a culture of shared responsibility for security across engineering teams
• Provide calm, decisive leadership during security incidents, investigations, and remediation efforts
• Create and maintain partnerships with Dev Team Leads and Management

Qualifications

• 7+ years of experience in application security, security engineering, DevOps, or software engineering
• Demonstrated leadership of application security initiatives in production environments
• Strong hands-on experience with: Application security testing tools (SAST, DAST, SCA, API security) / Secure code review and vulnerability validation / Penetration testing or advanced application testing experience / Web Application Firewalls
• Solid understanding of: OWASP Top 10 and common application attack patterns / Security frameworks (OWASP ASVS, ISO27001, NIST CSF etc) / Secure SDLC and threat modeling methodologies (STRIDE, DREAD & PASTA) /Web, API, and cloud-native application architectures
• Security Certifications (e.g. CISSP, OSCP, CCISO, CISSM, CSSLP, CISSM etc)
• Proficiency in at least one programming or scripting language (e.g. Python, Java, JavaScript, Go, Bash)

Leadership & Team Experience

• Prior experience leading or mentoring junior and mid-level security or DevSecOps engineers
• Experience building workflows and operational playbooks for tiered teams
• Ability to set technical standards and hold teams accountable to them

Preferred Qualifications

• Experience in containerized application and cloud-native environments
• Familiarity with software supply chain security concepts (SBOMs, dependency risk)