DevSecOps​/Vulnerability Management Lead

A financial firm is looking for Dev Sec Ops /Vulnerability Management Lead to join their team in Iselin, NJ.

Compensation: $150-170k

US Citizens/GC Holders Only - No visa sponsorship

Candidates must be local - No relocation

• Needs to currently be working in a vulnerability management area
• Strong Dev Sec Ops  experience
• Python and finance experience
• SAST/DAST/SCA knowledge
• Strong documentation skills

• Establish and manage a comprehensive vulnerability management program, including:
  • Integration of scanning tools across source code, dependencies, containers, and infrastructure.
  • Continuous discovery, prioritization, and tracking of vulnerabilities.
  • Coordinating with development and infrastructure teams for timely remediation.
  • Root cause analysis and reporting on trends and recurring issues.
  • Lead the design and implementation of secure, automated CI/CD pipelines.
• Define and drive Dev Sec Ops  strategy in alignment with business goals and compliance standards.
• Embed security controls and tooling (SAST, DAST, SCA, IaC scanning, etc.) into the software development lifecycle.
• Collaborate closely with engineering, platform, and security teams to ensure scalable security architecture.
• Automate security testing and compliance checks within CI/CD workflows.
• Evaluate and implement security tools and platforms that support proactive risk management.
• Drive secure configuration management and enforcement through IaC and policy-as-code.
• Maintain awareness of emerging threats, vulnerabilities, and regulatory changes.
• Support internal and external audits, ensuring alignment with compliance frameworks (e.g., ISO 27001, SOC 2, GDPR).
• Provide technical mentoring and guidance on secure coding, cloud security, and Dev Sec Ops  best practices.

• 5+ years of hands-on experience in Dev Ops, Security Engineering, or Dev Sec Ops .
• Strong experience designing and managing vulnerability management workflows, ideally across multi-cloud and containerized environments.
• Familiarity with vulnerability scanning tools and platforms (e.g., Snyk, Tenable, Qualys, Trivy, Clair, etc.).
• Proficient in implementing CI/CD pipelines with tools such as Git Lab CI, Git Hub Actions, Jenkins, Circle
  
  CI.
• Deep understanding of cloud platforms (AWS, Azure, or GCP) and cloud-native security controls.
• Expertise in scripting (e.g., Python, Bash) and infrastructure-as-code (Terraform, Ansible).
• In-depth knowledge of application and infrastructure security, secure SDLC, and Dev Sec Ops  tooling.
• Strong knowledge of compliance and security frameworks: OWASP, NIST, CIS Benchmarks, ISO 27001.
• Excellent communication skills and ability to work across technical and non-technical stakeholders.
• Proven ability to lead cross-functional security initiatives and mentor engineers.