DevSecOps & Supply Chain Security Consultant
Job in Tewksbury, Middlesex County, Massachusetts, 01876, USA
Listed on 2026-06-30
Listing for: Lorven technologies
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security, Data Security
Job Description & How to Apply Below
Hi,
Job Title: DevSecOps & Supply Chain Security Consultant
Location: Tewksbury, MA 01876
Qualifications & Experience
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, Software Engineering, or a related field, with 13-14+ years of overall experience and 7-10 years in DevSecOps, Secure SDLC, CI/CD security, or software supply chain security.
- Strong experience implementing and assessing DevSecOps practices, secure software delivery pipelines, and secure SDLC methodologies.
- Hands-on experience with Software Bill of Materials (SBOM) frameworks such as CycloneDX and SPDX, including 2+ years of SBOM analysis and governance.
- Experience with Software Composition Analysis (SCA) tools such as Snyk, Black Duck, Mend (WhiteSource), Sonatype Nexus IQ, or similar.
- Strong knowledge of CI/CD pipeline security, artifact integrity, secure build processes, release governance, and pipeline hardening using tools such as Jenkins, GitLab CI, GitHub Actions, or Azure DevOps.
- Experience with vulnerability management, dependency governance, remediation tracking, and patch management processes.
- Hands-on experience implementing and managing secrets management solutions such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, or similar.
- Strong understanding of logging, auditability, security event traceability, and compliance evidence management.
- Familiarity with Kubernetes, container security, cloud security, and modern software supply chain security frameworks such as SLSA is preferred.
- Experience working in regulated environments, cybersecurity assessments, or compliance-driven security programs is highly desirable.
- Excellent analytical, documentation, communication, stakeholder management, and problem-solving skills.

- Assess and review Secure SDLC processes, DevSecOps practices, and software development lifecycle controls.
- Evaluate software supply chain security, including SBOM generation, validation, dependency governance, third-party component risk, and Software Composition Analysis (SCA).
- Review and assess CI/CD pipeline security, artifact integrity, build security, release governance, and secure deployment practices.
- Evaluate secrets management across development, build, deployment, and production environments to ensure secure credential handling.
- Assess logging, auditability, security monitoring, and traceability controls to support compliance and forensic investigations.
- Review vulnerability management processes, remediation tracking, patch governance, and dependency risk management.
- Support lifecycle security assessments, compliance evidence mapping, audit readiness, and security control validation.