DevSecOps Lead

POSITION SUMMARYLead product and engineering teams through adoption of DevSecOps principles to identify and remediate vulnerabilities, promote knowledge and train on secure development practices, drive ongoing improvements in security practices, and foster a community of cybersecurity awareness. Partner with technology and cybersecurity leadership to identify and implement initiatives to improve security practices. Responsible for collaboration with product and development teams to ensure identification and remediation of vulnerabilities and implementation of new cyber practices including the completion of security-related training. Deliver periodic updates to varying levels of leadership to raise visibility to ongoing cyber risk and progress towards adoption of cyber practices. Drive a community of security awareness by coordinating with security champions across the development teams, to review and share best practices and areas of opportunity.ESSENTIAL JOB FUNCTIONS• Leads interactive activities on cyber best practices and coaching of stakeholders across product and development teams and within the security organization• Identifies and promotes security best practices and controls across the organization• Designs, builds and defends scalable, secure, and robust secure engineering processes program• Leverage various CI/CD pipelines and tools to identify, assess, and advise on the remediate of vulnerabilities• Reviews periodic vulnerability scans and works on creating reports that will communicate the result to leadershipMINIMUM POSITION QUALIFICATIONS• 5+ years of experience in an IT development / DevOps role or related fields with working knowledge of Java, NodeJs, GoLang, .Net• Strong communication, presentation skills with experience working with varying levels of technical and business leadership • Experience with CI/CD pipelines and ALM tools necessary to conduct vulnerability scans, curate results, identify risk, and facilitate remediation• Be able to speak to containerization and virtualization and orchestration. Working with Terraform, Kubernetes, and Docker or alternatives like Podman to guide teams to best practice• Cloud certifications - Azure Security Engineer, Azure Solutions Architect, Azure Administrator, or like in GCP or AWS• Reporting, Excel, Business Intelligence platform experience• Understanding of controlled data and compliance requirements related to pci-dss, hipaa, sox, ccpa / gdprWhat would make someone successful or attracted to this role. 1. A development background 2. A security mindset 3. Someone that wants direct access to stakeholders and leadership. Someone that can speak up to vulnerabilities or address concerns that they see in the development of applications (a PM style, a leader in the space). This will be a gateway to get into the Security side and direct access to the CISO. This group will conduct pilots with development teams for 6-8 weeks and watch the ways of development and provide feedback and best practices. This is an ongoing effort because each team will be 6-8 weeks. This leader will help and have access for input across the Kroger CI/DC pipeline.Big technologies that they might work with daily or the data resulting from these tools:Snyk, SonarQube, Xray, Azure Defender, BurpSuite, AppScanTechnologies that they will get exposure to when working with teams:Kubernetes, Github Actions, Terraform, Java, GoLang, NodeJs, Rancher, Harness, Dynatrace, Azure DevOps, Docker, KafkAdditional Important Information from the Hiring Manager: • They would be drive change and innovation across cloud and traditional development platforms by identifying key problem areas and providing holistic solutions to ease implementation• Working with multiple teams using different technologies• Lead role in evolving towards a Secure-By-Design mindset• Contribute to, and learn from Kroger Security Champion Forum• Opportunity to develop and grow an application security program for a large organization with executive visibility. • Educate and mentor developers across many varied workstreams• Foster career growth for seasoned developers with a security mentality• Leadership visibility of progress and key findings• SNYK = so now you know• Work with CICD Kroger application program, cloud development in a secure manner• Azure. And GCP = Google Cloud Platform.• Work and in hand with Kroger security team• Big technologies that they might work with daily or the data resulting from these tools: Snyk, SonarQube, Xray, Azure Defender, BurpSuite, AppScan• Technologies that they will get exposure to when working with teams: Kubernetes, Github Actions, Terraform, Java, GoLang, NodeJs, Rancher, Harness, Dynatrace, Azure DevOps, Docker, Kafka

Created: 2025-11-15