Software Quality & Compliance Lead

Software Quality & Compliance Lead

Final date to receive applications: 31 March 2026

Department: Recruiting Done

Employment Type: Full Time

Location: Santa Monica

Compensation: $90,000 - $100,000 / year

Role Summary

Our client is looking for a Software Quality & Compliance Lead who will own the end-to-end quality bar across products and services. Define engineering standards, lead independent verification & validation, and operate the final quality/compliance gate before releases.

• Define, maintain, and enforce secure SDLC and quality policies across codebases and services.
• Lead independent V&V activities with objective evidence for acceptance.
• Conduct systematic code and design reviews (manual + tool-assisted) to prevent defects and regressions.
• Build and maintain automated quality gates in CI/CD (tests, coverage, SAST/DAST/SCA, license checks, SBOM generation).
• Drive software supply-chain hygiene (dependency governance, artefact signing, provenance, vulnerability SLAs).
• Own test strategy: plans, requirements traceability, environments, data, and the full defect lifecycle (triage → fix → verify → close).
• Prepare audit-ready documentation (test reports, risk registers, CAPAs) and lead corrective/preventive actions.
• Mentor engineers; publish playbooks, checklists, and run training sessions.
• Define and report KPIs (defect escape rate, MTTR for vulnerabilities, coverage, flaky-test rate, policy adherence).
• Serve as final go/no-go approver against quality and compliance criteria.

Qualifications

Required:

• 5+ years in software quality, Dev Sec Ops , security engineering, or V&V for cloud, distributed, or embedded/edge systems.
• Hands‑on experience with automated testing and CI/CD quality gates.
• Proficiency with at least two of: SAST, DAST, IAST, SCA, coverage/reporting frameworks, and end‑to‑end testing tools.
• Strong grasp of secure SDLC and modern software supply‑chain practices (SBOMs, attestations, artefact signing).
• Proficiency in one or more languages (e.g., Python, Type Script/JavaScript, Go, C/C++).
• Excellent documentation discipline and clear, concise communication.

Nice to have:

• Background in mission‑critical, safety‑critical, or regulated environments.
• Threat modelling and risk management (e.g., STRIDE), fuzzing, and runtime security.
• IaC security and policy‑as‑code (e.g., Terraform, OPA).
• Familiarity with standards/guidelines like CERT or MISRA, where relevant.
• Prior experience leading a quality/compliance or V&V function.

Typical Tooling (illustrative)

• Versioning/CI:
  Git Hub/Git Lab, CI runners
• Code Quality:
  CodeQL, Semgrep, Sonar Qube
• App Sec: OWASP ZAP/ Burp, Snyk/Dependabot, Trivy/Grype
• Testing: pytest, Jest, Playwright/Cypress
• Governance: SBOM (Cyclone
  
  DX/SPDX), artefact signing (e.g., cosign), reporting dashboards

• Collaborative, supportive team culture where cross‑functional work is the norm, and everyone contributes to problem‑solving.
• Fast‑paced, innovation‑driven culture that values creativity, problem‑solving, and technical mastery.
• Flexible PTO and comprehensive benefits that support work–life balance.