DevSecOps & Supply Chain Security Consultant
Job in
Tewksbury, Middlesex County, Massachusetts, 01876, USA
Listed on 2026-07-04
Listing for:
Cloudious LLC
Full Time
position Listed on 2026-07-04
Job specializations:
-
IT/Tech
Cybersecurity, Information Security, Data Security, Security Management & Operations
Job Description & How to Apply Below
Role
Dev Sec Ops & Supply Chain Security Consultant
Work LocationTewksbury, MA 01876 (Hybrid)
TypeC2C
Role SummaryAssess software supply chain security, SDLC maturity, SBOM governance, CI/CD pipeline controls, secrets management, logging/auditability, and vulnerability management to support lifecycle security evaluation and compliance traceability.
Key Responsibilities- Review SDLC processes, tooling, and secure development practices
- Assess software supply chain security, including SCA, SBOM accuracy/completeness, dependency governance, and third-party risk
- Evaluate CI/CD pipeline security, artifact integrity, and secure release controls
- Review secrets management across development, build, deployment, and operational environments
- Assess logging, auditability, and security event traceability controls
- Evaluate vulnerability management, remediation tracking, and patch governance processes
- Support lifecycle security assessment, compliance evidence mapping, and traceability
- Contribute to assessment reporting, remediation guidance, and release governance reviews
- Strong understanding of Dev Sec Ops and secure software delivery practices
- Experience with SBOM frameworks (CycloneDX, SPDX) and SCA tooling
- Familiarity with CI/CD security controls and artifact integrity validation
- Experience with vulnerability management and dependency governance programs
- Understanding of lifecycle security, auditability, and compliance evidence requirements
- Experience with secrets management and secure release governance
- Experience participating in CRA or regulated product security, or compliance-driven cybersecurity assessments
- Experience participating in engagement related to export-controlled environments
- Strong documentation skills
- Kubernetes / Cloud Security certifications preferred
- Dev Sec Ops or secure software supply chain experience preferred
- Familiarity with SLSA or modern software supply chain security practices
- Clearance / Compliance Requirements
- 7-10 years in setting up, maintaining and controls validation of Secure CI/CD pipelines across different type of tech stack.
- 2+ Years experience with SBOM analysis
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×