We in DoubleVerify believe that giving hiring people with a broad range of technical skillsets results in the highest satisfaction for our engineers and a strong return on investment for the company. We want people who love the idea of building secure automation tools and platforms that enable our developers to ship code safely and efficiently.

Responsibilities will include:

• Manage and lead multiple DevSecOps teams, mentor and hire senior DevSecOps and security engineers, building high-performing teams focused on security excellence across traditional and AI workloads.
• Secure AI/ML pipelines and infrastructure by implementing security controls for model deployment environments, ensuring protection against AI-specific threats such as prompt injection, data poisoning, and model extraction.
• Establish AI security governance frameworks including policies for LLM usage, RAG (Retrieval Augmented Generation) systems security, MCP (Model Context Protocol) security, and AI supply chain risk management.
• Implement automated security scanning for AI artifacts including model files, training datasets, and AI-generated code, integrating these checks into CI/CD pipelines alongside traditional SAST, DAST, and SCA tools.
• Oversee security for AI workload identity and access management, ensuring proper authentication, authorization, and encryption for AI services, APIs, and vector databases used in RAG systems.
• Lead AI security incident response for threats specific to AI/ML systems including adversarial attacks, model theft, data leakage through LLM outputs, and unauthorized AI service usage.
• Ensure adherence to compliance standards such as SOC 2, ISO 27001, SOX, and MRC by automating compliance evidence collection, with special focus on AI governance and responsible AI principles.
• Define and execute DevSecOps strategy aligned with business objectives, security requirements, and emerging AI security best practices across the organization.
• Create architecture designs for security systems and services spanning multiple teams and infrastructure areas, including AI-specific security architectures.
• Drive continuous improvement of security automation, AI security tooling, and processes across traditional and AI workloads.
• Establish security metrics and KPIs to measure team effectiveness, security posture, and AI risk exposure.
• Foster a culture of security awareness and AI security best practices across engineering, data science, and product teams.
• Collaborate with senior/executive management regularly on security strategy, AI risk management, and cross-organizational security initiatives.

Who you are

Experience & Leadership:

• 5-6+ years of experience in Cybersecurity/DevOps, or DevSecOps, with proven experience leading security teams of ~5+ engineers across multiple infrastructure areas.
• Leads teams of two or more functional areas with authority over team processes, tools, and priorities; decisions may jeopardize business activities.
• Regularly interacts with senior/executive management, communicating timeline, scope, and technical concerns to all stakeholders.
• Leads Sev1/2 incidents for team's areas of responsibility and provides strategic direction during major security events.
• Exercises supervision over costs, methods, and staffing with responsibility for resource utilization and budget for teams; may have subordinate supervisors or team leads.
• Bachelor's degree in Computer Science, Information Systems, or equivalent experience in a related field.

DevSecOps Technical Expertise:

• AI/ML Security: LLM security (prompt injection, jailbreaking, data leakage), model security, AI supply chain security, adversarial ML defense, RAG system security, vector database security, MCP security.
• AI Governance & Compliance: Responsible AI frameworks, AI risk assessment, model governance, AI audit trails, privacy-preserving ML techniques.
• AI Pipeline Security: Securing model training environments, ML pipeline security, model versioning and provenance, AI artifact scanning, AI workload isolation.
• AI Identity & Access: AI service authentication, API security for AI endpoints, token management for LLM services, workload identity for AI inference.
• Network Security: Firewalls, segmentation, intrusion detection/prevention systems, AI traffic analysis.
• Encryption and Cryptography: TLS/SSL, certificate management, encryption at rest and in transit, secure model storage.
• Identity and Access Management: IAM, Keycloak, Teleport, Workload Identity, AI service accounts.
• Operating System Security: Hardening, patch management, compliance frameworks.
• Application Security: Container security, Kubernetes security policies, SAST, DAST, SCA tools, AI-generated code scanning.
• Threat Intelligence and Analysis: Vulnerability scanning, AI threat detection, adversarial attack detection.
• Incident Response and Forensics: Security incident handling, AI-specific incident investigation, model forensics.
• Risk Management and Compliance: SOC2, ISO 27001, SOX, AI governance frameworks, audit preparation and evidence collection.
• Security Architecture and Design: Zero Trust principles, defense in depth strategies, AI security architecture patterns.
• Automation and Scripting: Security automation, ACME, certbot, Python, Bash, AI security tooling automation.
• Cloud Security: GCP, AWS, OCI security controls and best practices, AI service security configurations.

Platform & Tooling:

• AI/ML Platforms: Vertex AI, SageMaker, Azure ML security configurations, LLM API security (OpenAI, Anthropic, Google AI), vector database security (Qdrant, Pinecone, Weaviate, ChromaDB).
• AI Security Tools: AI red teaming tools, prompt injection detection, model scanning tools, AI observability and monitoring platforms, AI governance platforms.
• AI Development Tools: LangChain security, LlamaIndex security, AI agent framework security, model registry security, MLflow security.
• Cloud Platforms: GCP, AWS, OCI with expertise in cloud-native security controls, AI service configurations, and AI workload security.
• CI/CD: GitHub Actions, GitLab CI, or Jenkins, and Harness with AI security integrations.
• Container Orchestration: Kubernetes and Docker, with focus on container security and AI workload orchestration.
• Infrastructure-as-Code (IaC): Terraform, Ansible, or Crossplane for both traditional and AI infrastructure.

Leadership & Management:

• Creates architecture designs for systems and services spanning multiple teams and infrastructure areas.
• Researches new technologies and evaluates for adoption, particularly in AI security domain.
• Provides blueprints for new services and capabilities across teams.
• Creates epics and prioritizes work across multiple teams with strong expertise in primary specialization and working knowledge of others.
• Excellent communication and stakeholder management skills with ability to influence cross-functional teams and senior leadership.
• Proven ability to balance technical execution with strategic planning, team development, and business objectives.

Resume Keywords

Highest

DevSecOps AI Security LLM Security Security CI/CD Infrastructure as Code (IaC) Cloud Security Application Security Vulnerability Management Compliance Automation SOC 2 ISO 27001

Medium

AI/ML Security Model Security RAG Security Prompt Injection SAST DAST SCA Container Security Kubernetes Security Threat Modeling Terraform Ansible AWS GCP Vertex AI SageMaker

Low

Vector Database Security AI Governance Adversarial ML Model Provenance SonarQube Snyk Aqua Security Twistlock Puppet Harness PCI HIPAA LangChain MLflow

The successful candidate’s starting salary will be determined based on a number of non-discriminating factors, including qualifications for the role, level, skills, experience, location, and balancing internal equity relative to peers at DV.
The estimated salary range for this role based on the qualifications set forth in the job description is between $131,000 - $260,000 This role will also be eligible for bonus/commission (as applicable), equity, and benefits.
The range above is for the expectations as laid out in the job description; however, we are often open to a wide variety of profiles, and recognize that the person we hire may be more or less experienced than this job description as posted.

Not-so-fun fact: Research shows that while men apply to jobs when they meet an average of 60% of job criteria, women and other marginalized groups tend to only apply when they check every box. So if you think you have what it takes but you’re not sure that you check every box, apply anyway!