Security Engineering Lead - DevSecOps

Security Engineering Lead – DevSecOps

We are CirrusLabs. Our vision is to become the world's most sought-after niche digital transformation company that helps customers realize value through innovation. Our mission is to co-create success with our customers, partners, and community. Our goal is to enable employees to dream, grow, and make things happen. We are committed to excellence. We are a dependable partner organization that delivers on commitments. We strive to maintain integrity with our employees and customers. Every action we take is driven by value. The core of who we are is through our well-knit teams and employees. You are the core of a values-driven organization. You have an entrepreneurial spirit. You enjoy working as a part of well-knit teams. You value the team over the individual. You welcome diversity at work and within the greater community. You aren't afraid to take risks. You appreciate a growth path with your leadership team that journeys how you can grow inside and outside of the organization. You thrive upon continuing education programs that your company sponsors to strengthen your skills and for you to become a thought leader ahead of the industry curve. You are excited about creating change because your skills can help the greater good of every customer, industry, and community.

We are hiring a talented Security Engineering Lead – DevSecOps.

Location: Remote within LATAM

We are a leading technology consultancy supporting a Fortune 50 enterprise IT organization in the delivery of complex, security-focused engineering initiatives. As part of a critical enterprise-wide program, we are seeking a Security Engineering Lead to drive strategy, execution, and coordination across DevSecOps enablement, code security, and secret hygiene. This is a high-impact, long-term opportunity ideal for a seasoned cybersecurity professional with expertise in DevSecOps, GitHub Enterprise, and secret management architecture—with a passion for improving enterprise security posture through modern tools, automation, and emerging technologies. Experience at global consultancies, Big 4 firms, or other large-scale IT environments is highly valued. This is a remote role with limited travel, which may be requested but is not required.

Role Summary

As the Security Engineering Lead – DevSecOps, you will play a strategic and hands-on leadership role in improving the enterprise's source code security posture. The initial focus of this engagement involves the identification and remediation of exposed, unprotected text-form secrets embedded in GitHub repositories. You will lead efforts to assess repository risk, build scalable remediation workflows, and align practices with long-term governance and compliance goals. You will also guide tooling integrations, such as GitGuardian, and support continuous monitoring through platforms like Azure DevOps, ServiceNow, and others. Familiarity with AI or GenAI use cases that enhance security operations is preferred.

Key Responsibilities

• Lead the DevSecOps strategy and implementation of secure source code practices, with an initial focus on remediating exposed secrets in GitHub repositories
• Drive the assessment and mitigation of plaintext credentials, tokens, and secrets in codebases, aligning with security best practices
• Define and enforce governance policies for secrets, PATs, SSH keys, and rogue/public repositories
• Evaluate and support enterprise-wide GitGuardian integration for proactive secret scanning and alerting
• Design and oversee remediation workflows via ServiceNow, including SLA definitions and resolution tracking
• Continuously assess and improve the security posture of internal repositories through automated and repeatable compliance processes
• Create and maintain dashboards and metrics to measure remediation progress and hygiene improvement
• Develop training content and lead outreach campaigns to promote secure development practices
• Contribute to identifying AI/GenAI-enhanced security solutions that improve detection, remediation, and reporting efficiency

Required Qualifications

• 8+ years of experience in security engineering, DevSecOps, or application security in enterprise-scale environments
• Strong expertise in GitHub Enterprise, especially in scanning, securing, and managing sensitive content within repositories
• Demonstrated success in identifying and remediating text-based secrets and credentials within code repositories
• Experience with GitGuardian or similar secret detection tools
• Familiarity with ServiceNow or equivalent platforms for triaging security issues and tracking remediation
• Proven ability to assess security posture and implement governance frameworks for secure development
• Strong communication skills and experience guiding both technical and non-technical audiences through security initiatives
• Comfortable working across collaboration tools such as Microsoft Teams and Outlook

Preferred Qualifications

• Experience working in or consulting for Big 4 firms, global consultancies, or large enterprise IT organizations
• Exposure to AI/GenAI use cases in security automation, threat detection, or posture monitoring
• Hands-on experience with secure SDLC and DevSecOps pipeline integrations
• Understanding of GRC frameworks such as NIST, CIS Controls, or ISO 27001
• Experience managing or collaborating with onshore/offshore security delivery teams

Why Join Us?

• Take a leadership role in a high-visibility DevSecOps initiative within a global enterprise environment
• Partner with a world-class consultancy delivering critical, modernized security solutions
• Shape and implement secure development practices using tools like GitHub Enterprise, GitGuardian, and ServiceNow
• Help drive innovation through AI-assisted remediation strategies
• Enjoy a remote-first engagement with long-term potential and technical ownership