Safety Processes Specialist leading initiatives to enhance process safety amid operations. Collaborating with teams to mitigate risks and ensure compliance in operational bases at ALE.
About the role
- Director leading Security & Compliance Engineering for Pearson Software Group to embed security into SDLC and manage risk effectively.
Responsibilities
- Architect and institutionalize secure SDLC practices (threat modeling, secure coding, dependency hygiene, automated testing, release gating).
- Own DevSecOps integration across CI/CD (SAST/DAST/IAST, secrets scanning, SBOM, container/image hardening, IaC policy checks).
- Drive “shift-left” security through reusable CI/CD templates, policy-as-code, and golden paths.
- Partner with platform/SRE to enforce WAF, API AuthN/AuthZ, mTLS, and runtime protections via guardrails—not gates.
- Publish “paved road” toolchains, reference architectures, and code libraries with secure defaults.
- Stand up sandboxed environments (e.g., GitPod) and secure-by-default scaffolds to accelerate teams.
- Deliver targeted training for engineers (OWASP, secrets, auth, threat modeling) tied to real code and pipelines.
- Lead SOC 2 Type 2, HECVAT, and institutional reviews using automated evidence from pipelines and platforms.
- Define OKRs and SLAs for vulnerability remediation, secrets rotation, agent coverage, and audit readiness; publish executive dashboards.
- Align compliance asks with product/engineering roadmaps; triage by business risk and customer impact.
- Own vulnerability management (Qualys/Snyk/OSS posture), secrets lifecycle and key rotation, and perimeter/API security.
- Continuously monitor control health; ensure clear ownership, escalation paths, and exception processes.
- Improve MTTD/MTTR by integrating detections with engineering telemetry and runbooks.
- Optimize run costs for security tooling and tests; ensure renewals/SOWs are timely and value-based.
- Report posture, compliance status, and maturity trends; drive continuous improvement and transparency.
- Champion a blameless, learning culture that balances speed and safety.
Requirements
- 10+ years in software engineering or DevSecOps; 5+ years leading secure SDLC at scale (cloudfirst; AWS preferred).
- Expertise in CI/CD automation, SAST/DAST/IAST, SBOM/OSS governance, secrets management,and API/perimeter security.
- Hands-on experience integrating controls into developer workflows (policy-as-code, pipelines, pre-commit/pre-merge checks).
- Proven delivery of SOC 2 Type 2/HECVAT using automated, system-of-record evidence.
- Executive communication; OKR setting; budget ownership; ability to influence product/engineering/security.
Benefits
- Eligible to participate in an annual incentive program
Job title
Job type
Experience level
Salary
Degree requirement
No Education Requirement
Tech skills
Location requirements
Ciberseguridad OT/ICS specialist managing security for industrial control systems at Acuity. Working closely with cross - functional teams to implement security measures and compliance.
IT & Cloud Security Engineer at HARMAN leading Cloud Security strategy and risk governance initiatives. Working with cross - functional teams to enhance security posture and manage vendor relationships.
Cybersecurity Engineer assessing and designing Zero Trust Architecture for SSA. Focusing on gap analysis and implementation strategies across zero trust pillars and aligning with business processes.
Senior Cybersecurity Assessor conducting cybersecurity program assessments using NIST CSF and RMF principles. Identifying strengths and weaknesses while developing recommendations for improvement in the Agency’s cybersecurity posture.
Senior Cybersecurity Risk Advisor providing expert - level guidance to Agency’s CSRM Program Team and executives. Reviewing deliverables and ensuring alignment with federal guidance and best practices.
Mid - level SailPoint Identity Security Cloud Platform Specialist enhancing Identity and Access Management at Boeing. Collaborating on application onboarding and identity governance solutions for a transforming IAM ecosystem.
Security Guard ensuring safety and security at Lincoln Electric facility in Euclid, Ohio. Monitoring access control systems, alarm systems, and coordinating emergency responses effectively.
Senior Security Consultant delivering complex cybersecurity engagements for high - profile clients. Advising organizations on critical national infrastructure security and compliance.
Cybersecurity & Data Security Junior Associate supporting organizations in data protection through risk assessments and policy development. Collaborating with teams for meaningful contributions in cybersecurity.