Lead, Dev SecOps (Charlotte, NC)

Responsibilities

• Pipeline Security & Code Hardening
• Own the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estate
• Define and enforce control gates
• Manage the pipeline gating philosophy
• Own the exception register, including time-bound exceptions with named compensating controls and expiry dates
• Drive migration of production code into Enterprise GitHub to enable uniform scanning, gating, and provenance tracking
• Partner with technical leaders on activity reviews, finding burn-down, gate friction, and release-level blockers
• Establish provenance tagging for AI-generated and third-party code so it passes the same gates as enterprise code
• Analyze modern and legacy programming languages
• Oversee DevSecOps tie-ins with suppliers performing development activity
• AI Defense & Operations
• Operationalize Cisco AI Defense and Multi-Cloud Defense across the major public cloud providers
• Serve as a technical advisor to the AIGC, delivering validation reports, AI SBOMs, and risk inputs
• Define and enforce AI guardrails policy including data classification enforcement, prompt injection defense, output safety controls, and agent action/tool-use limits partnering with development and product teams
• Oversee the phased AI Defense deployment roadmap from foundation through full enforcement
• Oversee IAM and SSO integrations with both internally developed and SaaS tools
• Coordinate with SecOps on incident response and playbook development related to DevSecOps and AI security
• Consult on shadow AI discovery and employee AI tool usage
• AI Defense & Operations
• Lead the DevSecOps Analyst, setting priorities, developing skills, and reviewing work quality
• Coordinate the engineering resources on pipeline engineering, tool administration, and cloud posture work
• Build and sustain a security champions network with champions in each development team, providing coaching, training, and support
• Deliver OWASP-aligned secure code training (Top 10, API Top 10, LLM Top 10, Code Hardening) and role-based / language-based deep dives for development teams
• Facilitate DevSecOps working sessions, leadership syncs, and executive reporting
• Publish program metrics regularly
• Partner with Sourcing to oversee supplier relationships tied to DevSecOps

Requirements

• Bachelor's degree in computer science, cybersecurity, software engineering, or comparable work experience
• 7+ years of experience in application security, DevSecOps, DevOps, or security engineering roles
• Proven track record of building or significantly maturing a pipeline security program (SAST, DAST, SCA, secrets, containers)
• Hands-on experience integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)
• Strong understanding of modern software development practices such as Git workflows, containerization, infrastructure as code, and cloud-native architectures
• Experience defining and enforcing security gates in a development pipeline without creating undue friction
• Demonstrated ability to lead cross-functional initiatives involving development, infrastructure, and security teams
• Experience mentoring junior security team members
• Strong written and verbal communication skills, including the ability to present technical findings and program status to executive audiences
• Advanced organizational skills, ability to successfully manage multiple tasks/incidents
• Experience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platforms
• Familiarity with AI/ML security concepts: prompt injection, model validation, AI supply chain risk
• Experience with Cisco AI Defense or similar AI

Additional Information

Great company. Great people. Great opportunities. If you'd like the chance to make your mark with the world's largest equipment rental provider, come build your future with United Rentals! As a Lead, Dev SecOps , you will own pipeline security, Cisco AI Defense operations, and code hardening practices across the development estate. You will partner with Engineering and Software Development to embed security into every stage of software delivery while operationalizing runtime AI protection for customer-facing LLM features. Oversee a virtual team comprised of dedicated Dev SecOps members and shared resources from other teams. Build a security champions network across development teams and serve as a technical advisor to the AI Governance Committee. **This is a hybrid role in Charlotte, NC** This is a technical leadership role that requires hands-on technical depth, cross-functional leadership, and the ability to build a program from the ground up.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at ur? Share your experience