E

AVP - DevSecOps Lead Security Engineer

EXL Service · India

12–20 yrs experiencefull_timePosted 1w ago
Apply now →

Job description

**Job Description: Strategy & Leadership** - Define and own the **DevSecOps and AI Security strategy** , roadmap, and operating model aligned to business and regulatory needs. - Act as a senior advisor to engineering, platform, AI, and product leaders on **secure architecture and risk trade-offs.** - Build and scale high-performing DevSecOps and AppSec teams; mentor other team members. - Represent security in executive forums, client discussions, audits, and risk reviews. **DevSecOps & Platform Security** - Lead security integration across **CI/CD pipelines** using Jenkins, GitHub/GitHub Actions, and similar tooling. - Establish enterprise standards for: - Secure build pipelines - Secrets management - IaC security (Terraform / CloudFormation) - Dependency and supply-chain security - Drive adoption of automated security controls: **SAST, DAST, SCA, API security, container scanning.** **Application Security** - Oversee application security programs including threat modeling, secure design reviews, and vulnerability management. - Monitor and improve the daily operations and BAU activities. **AI / GenAI Security** - Establish guardrails for **AI/GenAI solutions** , including LLM-based apps, RAG pipelines, and agentic workflows. - Assess and mitigate risks such as prompt injection, data leakage, insecure integrations, model abuse, and third-party AI risk. - Embed AI security controls into DevSecOps/MLOps pipelines (MLSecOps). **Governance, Risk & Compliance** - Translate regulatory and client security requirements into **practical engineering controls.** - Own security metrics, risk reporting, control evidence, and audit readiness. Ensure alignment with frameworks such as NIST, ISO 27001, SOC 2, OWASP (including LLM Top 10), and emerging AI standards. **Responsibilities: Strategy & Leadership** - Define and own the **DevSecOps and AI Security strategy** , roadmap, and operating model aligned to business and regulatory needs. - Act as a senior advisor to engineering, platform, AI, and product leaders on **secure architecture and risk trade-offs.** - Build and scale high-performing DevSecOps and AppSec teams; mentor other team members. - Represent security in executive forums, client discussions, audits, and risk reviews. **DevSecOps & Platform Security** - Lead security integration across **CI/CD pipelines** using Jenkins, GitHub/GitHub Actions, and similar tooling. - Establish enterprise standards for: - Secure build pipelines - Secrets management - IaC security (Terraform / CloudFormation) - Dependency and supply-chain security - Drive adoption of automated security controls: **SAST, DAST, SCA, API security, container scanning.** **Application Security** - Oversee application security programs including threat modeling, secure design reviews, and vulnerability management. - Monitor and improve the daily operations and BAU activities. **AI / GenAI Security** - Establish guardrails for **AI/GenAI solutions** , including LLM-based apps, RAG pipelines, and agentic workflows. - Assess and mitigate risks such as prompt injection, data leakage, insecure integrations, model abuse, and third-party AI risk. - Embed AI security controls into DevSecOps/MLOps pipelines (MLSecOps). **Governance, Risk & Compliance** - Translate regulatory and client security requirements into **practical engineering controls.** - Own security metrics, risk reporting, control evidence, and audit readiness. Ensure alignment with frameworks such as NIST, ISO 27001, SOC 2, OWASP (including LLM Top 10), and emerging AI standards. - Qualifications: Bachelor’s/master’s degree in engineering, Computer Science, or related field. - 10–14+ years in cyber security, DevSecOps, cloud security, or application security roles. - Certifications such as CISSP, CCSP, CISM, or cloud security certifications are a plus.