Lead, Dev SecOps; Charlotte, NC​/Stamford, CT

About the Role

Great company. Great people. Great opportunities. If you’d like the chance to make your mark with the world’s largest equipment rental provider, come build your future with United Rentals! As a Lead, Dev Sec Ops, you will own pipeline security, Cisco AI Defense operations, and code hardening practices across the development estate. You will partner with Engineering and Software Development to embed security into every stage of software delivery while operationalizing runtime AI protection for customer-facing LLM features.

Oversee a virtual team, build a security champions network, and serve as a technical advisor to the AI Governance Committee.

This is a hybrid role in Charlotte, NC / Stamford, CT.

• Own the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estate.
• Define and enforce control gates; own the pipeline gating philosophy.
• Own the exception register with time‑bound exceptions, named compensating controls, and expiry dates.
• Drive migration of production code into Enterprise Git Hub to enable uniform scanning, gating, and provenance tracking.
• Partner with technical leaders on activity reviews, finding burn‑down, gate friction, and release‑level blockers.
• Establish provenance tagging for AI‑generated and third‑party code to pass the same gates as enterprise code.
• Analyze modern and legacy programming languages.
• Oversee Dev Sec Ops  tie‑ins with suppliers performing development activity.
• Operationalise Cisco AI Defense and Multi‑Cloud Defense across major public cloud providers.
• Operate Cisco AI Defense across the four major capabilities:
  Model & App Validation, Runtime Protection, Knowledge Security, and Cloud & Asset Visibility.
• Serve as a technical adviser to the AIGC, delivering validation reports, AI SBOMs, and risk inputs.
• Define and enforce AI guardrails policy including data classification, prompt injection defense, output safety controls, and agent action/tool‑use limits.
• Oversee the phased AI Defense deployment roadmap from foundation through full enforcement.
• Oversee IAM and SSO integrations with internally developed and SaaS tools.
• Coordinate with Sec Ops on incident response and playbook development related to Dev Sec Ops  and AI security.
• Consult on shadow AI discovery and employee AI tool usage.
• Lead the Dev Sec Ops  Analyst, set priorities, develop skills, and review work quality.
• Coordinate engineering resources on pipeline engineering, tool administration, and cloud posture work.
• Build and sustain a security champions network with champions in each development team, providing coaching, training, and support.
• Deliver OWASP‑aligned secure code training for Top
  10, API Top
  10, LLM Top
  10, and deep dives for development teams.
• Facilitate Dev Sec Ops  working sessions, leadership syncs, and executive reporting.
• Publish program metrics regularly.
• Partner with Sourcing to oversee supplier relationships tied to Dev Sec Ops .

• Bachelor’s degree in computer science, cybersecurity, software engineering, or comparable work experience.
• 7+ years of experience in application security, Dev Sec Ops , Dev Ops, or security engineering roles.
• Proven track record of building or significantly maturing a pipeline security program.
• Hands‑on experience integrating security tools into CI/CD pipelines.
• Strong understanding of modern software development practices such as Git workflows, containerization, IaC, and cloud‑native architectures.
• Experience defining and enforcing security gates in a development pipeline without creating undue friction.
• Demonstrated ability to lead cross‑functional initiatives involving development, infrastructure, and security teams.
• Experience mentoring junior security team members.
• Strong written and verbal communication skills, including presenting technical findings and program status to executive audiences.
• Advanced organizational skills and ability to manage multiple tasks/incidents.
• Experience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platforms.
• Familiarity with AI/ML security concepts: prompt injection, model validation, AI supply chain risk.
• Experience…