M1 - IT Security Lead – DevSecOps

Job Family: Technology > Sub-family: Cybersecurity 

Reports to (role): CTSO Manager 

Objective of the Role 

As the IT Security Lead – DevSecOps, you will be responsible for leading the DevSecOps practice within our tech product development team. This role involves overseeing the integration of security into the DevOps processes, ensuring the secure development, deployment, and operation of our applications and infrastructure. You will collaborate with development, operations, and security teams to drive a culture of security automation and continuous improvement. 

Main Responsibilities 

1. Lead and mentor a team of DevSecOps engineers, fostering a collaborative and innovative work environment. 
2. Develop and implement a comprehensive DevSecOps strategy that aligns with the company's business objectives. 
3. Integrate security practices into the CI/CD pipelines to ensure secure code deployment and infrastructure provisioning. 
4. Implement and manage security tools and platforms such as static code analysis, dynamic application security testing, and container security. 
5. Automate security processes to enhance efficiency and reduce manual intervention. 
6. Monitor and respond to security incidents related to the development and deployment processes. 
7. Conduct security assessments and code reviews to identify vulnerabilities and ensure compliance with security standards. 
8. Collaborate with development, operations, and security teams to ensure security is embedded throughout the software development lifecycle. 
9. Provide training and guidance to team members on DevSecOps best practices and emerging security threats. 
10. Stay updated on the latest trends and advancements in DevSecOps and security automation technologies. 
11. Drive innovation by exploring new tools, techniques, and best practices to enhance the DevSecOps practice. 
12. Communicate effectively with stakeholders to ensure awareness and understanding of DevSecOps initiatives and their impact. 
13. Develop and maintain documentation on DevSecOps processes, tools, and best practices. 
14. Ensure compliance with industry standards and regulatory requirements related to DevSecOps. 
15. Participate in incident response activities and conduct root cause analysis for major incidents. 
16. Foster a culture of continuous improvement and proactive problem-solving within the DevSecOps team. 
17. Promote an autonomous work culture by encouraging self-management, accountability, and proactive problem-solving among team members. 
18. Serve as a Spin Culture Ambassador to foster and maintain a positive, inclusive, and dynamic work environment that aligns with the company's values and culture. 

Required Knowledge and Experience 

1. Bachelor's degree in Computer Science, Information Technology, or a related field. 
2. Extensive experience in DevSecOps, cybersecurity, and information security within a technology-driven environment. 
3. Proven experience in leading and managing a team of engineers. 
4. Strong understanding of DevSecOps tools and platforms, such as Jenkins, GitLab, Docker, Kubernetes, SonarQube, etc. 
5. Experience with cloud environments (AWS, Azure, GCP) and container orchestration (Kubernetes, Docker). 
6. Proficiency in scripting and automation using languages such as Python, Bash, or similar. 
7. Excellent analytical and problem-solving skills. 
8. Strong communication and collaboration skills to work with cross-functional teams. 
9. Self-management skills to ensure task and objective completion. 
10. In-depth knowledge of software development practices and DevOps principles. 
11. Familiarity with security frameworks and standards relevant to DevSecOps. 
12. Advanced English proficiency. 

Spin está comprometida con un lugar de trabajo diverso e inclusivo. 
Somos un empleador que ofrece igualdad de oportunidades y no discrimina por motivos de raza, origen nacional, género, identidad de género, orientación sexual, discapacidad, edad u otra condición legalmente protegida. 
Si desea solicitar una adaptación, notifique a su Reclutador.