Strategy & Leadership
- Define and own the DevSecOps and AI Security strategy, roadmap, and operating model aligned to business and regulatory needs.
- Act as a senior advisor to engineering, platform, AI, and product leaders on secure architecture and risk trade-offs.
- Build and scale high-performing DevSecOps and AppSec teams; mentor other team members.
- Represent security in executive forums, client discussions, audits, and risk reviews.
DevSecOps & Platform Security
- Lead security integration across CI/CD pipelines using Jenkins, GitHub/GitHub Actions, and similar tooling.
- Establish enterprise standards for:
- Secure build pipelines
- Secrets management
- IaC security (Terraform / CloudFormation)
- Dependency and supply-chain security
- Drive adoption of automated security controls: SAST, DAST, SCA, API security, container scanning.
Application Security
- Oversee application security programs including threat modeling, secure design reviews, and vulnerability management.
- Monitor and improve the daily operations and BAU activities.
AI / GenAI Security
- Establish guardrails for AI/GenAI solutions, including LLM-based apps, RAG pipelines, and agentic workflows.
- Assess and mitigate risks such as prompt injection, data leakage, insecure integrations, model abuse, and third-party AI risk.
- Embed AI security controls into DevSecOps/MLOps pipelines (MLSecOps).
Governance, Risk & Compliance
- Translate regulatory and client security requirements into practical engineering controls.
- Own security metrics, risk reporting, control evidence, and audit readiness.
Ensure alignment with frameworks such as NIST, ISO 27001, SOC 2, OWASP (including LLM Top 10), and emerging AI standards.