Senior Manager, DevSecOps

Senior Manager, DevSecOps We are looking for a Senior Manager, DevSecOps to lead a group of engineers working across multiple teams integrating security into our DevOps, CI/CD, IaC pipelines, and AI/ML workloads, ensuring secure, compliant, and efficient software delivery across the organization. As a DevSecOps Sr. Manager at DoubleVerify, you will oversee technical design and execution across multiple functional areas while providing strategic leadership on DevSecOps best practices, cloud‑native security, AI/ML security, and automation. You will lead teams of 2‑5+ DevSecOps and security engineers across multiple infrastructure areas, fostering a culture of security throughout the software development lifecycle (SDLC) and AI/ML pipelines. This role requires balancing technical depth in areas such as Infrastructure‑as‑Code (IaC), container security, and AI security with strategic leadership to drive security initiatives across the organization. The ideal candidate will serve as a technical leader who can architect secure solutions for both traditional and AI workloads, develop their teams' capabilities, and work cross‑functionally with engineering teams to embed security practices into every stage of development, deployment, and AI model lifecycle. Responsibilities Manage and lead multiple DevSecOps teams, mentor and hire senior DevSecOps and security engineers, building high‑performing teams focused on security excellence across traditional and AI workloads. Secure AI/ML pipelines and infrastructure by implementing security controls for model deployment environments, ensuring protection against AI‑specific threats such as prompt injection, data poisoning, and model extraction. Establish AI security governance frameworks including policies for LLM usage, RAG (Retrieval Augmented Generation) systems security, MCP (Model Context Protocol) security, and AI supply chain risk management. Implement automated security scanning for AI artifacts including model files, training datasets, and AI‑generated code, integrating these checks into CI/CD pipelines alongside traditional SAST, DAST, and SCA tools. Oversee security for AI workload identity and access management, ensuring proper authentication, authorization, and encryption for AI services, APIs, and vector databases used in RAG systems. Lead AI security incident response for threats specific to AI/ML systems including adversarial attacks, model theft, data leakage through LLM outputs, and unauthorized AI service usage. Ensure adherence to compliance standards such as SOC 2, ISO 27001, SOX, and MRC by automating compliance evidence collection, with special focus on AI governance and responsible AI principles. Define and execute DevSecOps strategy aligned with business objectives, security requirements, and emerging AI security best practices across the organization. Create architecture designs for security systems and services spanning multiple teams and infrastructure areas, including AI‑specific security architectures. Drive continuous improvement of security automation, AI security tooling, and processes across traditional and AI workloads. Establish security metrics and KPIs to measure team effectiveness, security posture, and AI risk exposure. Foster a culture of security awareness and AI security best practices across engineering, data science, and product teams. Collaborate with senior/executive management regularly on security strategy, AI risk management, and cross‑organizational security initiatives. Who you are Experience & Leadership: 5-6+ years of experience in Cybersecurity/DevOps, or DevSecOps, with proven experience leading security teams of ~5+ engineers across multiple infrastructure areas. Leads teams of two or more functional areas with authority over team processes, tools, and priorities; decisions may jeopardize business activities. Regularly interacts with senior/executive management, communicating timeline, scope, and technical concerns to all stakeholders. Leads Sev1/2 incidents for team’s areas of responsibility and provides strategic direction during major security events. Exercises supervision over costs, methods, and staffing with responsibility for resource utilization and budget for teams; may have subordinate supervisors or team leads. Bachelor's degree in Computer Science, Information Systems, or equivalent experience in a related field. DevSecOps Technical Expertise: AI/ML Security: LLM security (prompt injection, jailbreaking, data leakage), model security, AI supply chain security, adversarial ML defense, RAG system security, vector database security, MCP security. AI Governance & Compliance: Responsible AI frameworks, AI risk assessment, model governance, AI audit trails, privacy‑preserving ML techniques. AI Pipeline Security: Securing model training environments, ML pipeline security, model versioning and provenance, AI artifact scanning, AI workload isolation. AI Identity & Access: AI service authentication, API security for AI endpoints, token management for LLM services, workload identity for AI inference. Encryption and Cryptography: TLS/SSL, certificate management, encryption at rest and in transit, secure model storage. Identity and Access Management: IAM, Keycloak, Teleport, Workload Identity, AI service accounts. Application Security: Container security, Kubernetes security policies, SAST, DAST, SCA tools, AI‑generated code scanning. Threat Intelligence and Analysis: Vulnerability scanning, AI threat detection, adversarial attack detection. Incident Response and Forensics: Security incident handling, AI‑specific incident investigation, model forensics. Risk Management and Compliance: SOC2, ISO 27001, SOX, AI governance frameworks, audit preparation and evidence collection. Security Architecture and Design: Zero Trust principles, defense in depth strategies, AI security architecture patterns. Automation and Scripting: Security automation, ACME, certbot, Python, Bash, AI security tooling automation. Cloud Security: GCP, AWS, OCI security controls and best practices, AI service security configurations. Platform & Tooling: AI/ML Platforms: Vertex AI, SageMaker, Azure ML security configurations, LLM API security (OpenAI, Anthropic, Google AI), vector database security (Qdrant, Pinecone, Weaviate, ChromaDB). AI Security Tools: AI red‑team­ing tools, prompt injection detection, model scanning tools, AI observability and monitoring platforms, AI governance platforms. AI Development Tools: LangChain security, LlamaIndex security, AI agent framework security, model registry security, MLflow security. Cloud Platforms: GCP, AWS, OCI with expertise in cloud‑native security controls, AI service configurations, and AI workload security. CI/CD: GitHub Actions, GitLab CI, or Jenkins, and Harness with AI security integrations. Container Orchestration: Kubernetes and Docker, with focus on container security and AI workload orchestration. Infrastructure‑as‑Code (IaC): Terraform, Ansible, or Crossplane for both traditional and AI infrastructure. Leadership & Management: Creates architecture designs for systems and services spanning multiple teams and infrastructure areas. Researches new technologies and evaluates for adoption, particularly in AI security domain. Provides blueprints for new services and capabilities across teams. Creates epics and prioritizes work across multiple teams with strong expertise in primary specialization and working knowledge of others. Excellent communication and stakeholder management skills with ability to influence cross‑functional teams and senior leadership. Proven ability to balance technical execution with strategic planning, team development, and business objectives. Resume Keywords DevSecOps AI Security LLM Security Security CI/CD Infrastructure as Code (IaC) Cloud Security Application Security Vulnerability Management Compliance Automation SOC 2 ISO 27001 AI/ML Security Model Security RAG Security Prompt Injection SAST DAST SCA Container Security Kubernetes Security Threat Modeling Terraform Ansible AWS GCP Vertex AI SageMaker Vector Database Security AI Governance Adversarial ML Model Provenance SonarQube Snyk Aqua Security Twistlock Puppet Harness PCI HIPAA LangChain MLflow The successful candidate’s starting salary will be determined based on a number of non‑discriminating factors, including qualifications for the role, level, skills, experience, location, and balancing internal equity relative to peers at DV. The estimated salary range for this role based on the qualifications set forth in the job description is between $131,000 - $260,000. This role will also be eligible for bonus/commission (as applicable), equity, and benefits. As set forth in DoubleVerify’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law. #J-18808-Ljbffr DoubleVerify