Job Summary
At HP, talent is our criteria. Join us in reinventing the standard for diversity and inclusion. Bring your awesomeness, and just be you!
HP is the world’s leading personal systems and printing company. We create technology that makes life better for everyone, everywhere. Our innovation springs from a team of individuals, each collaborating and contributing their own perspectives, knowledge, and experience to advance the way the world works and lives.
The DevSecOps Engineering Manager will be responsible for leading a team of engineers focused on integrating security practices seamlessly into the software development lifecycle, overseeing the implementation and maintenance of security tools and processes, and ensuring applications are developed and deployed with a high level of security throughout the entire DevOps pipeline.
Key Responsibilities:
- Strategic Leadership:
  - Define and execute a comprehensive DevSecOps strategy aligned with organizational security goals.
  - Establish security standards and best practices for the development and deployment process.
  - Bring AI automation into the CI/CD pipeline, enabling teams to anticipate and address vulnerabilities proactively.
  - Collaborate with development, security, and operations teams to ensure a secure and efficient software development life cycle (SDLC).
  - Manage budgets, resource allocation plans, and vendors, and provide monthly ops and cloud spend reporting.
  - Develop communication forums between development, security, and operations teams.
  - Ensure IT General Controls (ITGC) compliance and management, including access controls, change management, audits and data integrity.
- Team Management:
  - Recruit, develop, and mentor a high-performing DevSecOps engineering team.
  - Assign tasks, set clear expectations, and provide ongoing performance feedback.
  - Foster a collaborative environment where team members share knowledge and expertise.
  - Manage team capacity and prioritize projects to meet deadlines.
- Technical Oversight:
  - Evaluate and implement security tools and technologies to automate security checks within the CI/CD pipeline.
  - Review security architecture designs and assess potential vulnerabilities.
  - Monitor security dashboards and incident response systems to identify and address security issues promptly.
  - Stay updated on emerging security threats and trends to proactively mitigate risks.
- Incident Response:
  - Lead the change management response process for the organization.
  - Lead the security incident response process, including investigation, containment, remediation, and post-mortem analysis.
  - Develop and maintain security incident response plans.
  - Collaborate with security operations teams to effectively respond to security breaches.
- Compliance and Governance:
  - Ensure compliance with relevant security regulations and industry standards (e.g., GDPR, PCI DSS).
  - Conduct security assessments and audits to identify areas for improvement.
  - Develop and maintain security documentation, policies, and procedures.
Required Skills:
- Technical Expertise:
  - Deep understanding of software development practices and DevOps principles.
  - Proficiency in security tools and technologies (e.g., vulnerability scanners, code analysis tools, container security, cloud security services).
  - Knowledge of AI Technology and Tools and how they can be used in DevSecOps.
  - Knowledge of Agile/Scrum/DevOps methodologies.
  - AWS / Azure certification (nice to have).
- Leadership Skills:
  - Excellent communication and interpersonal skills to build strong relationships with cross-functional teams.
  - Ability to communicate in technical and non-technical terms to all levels of staff.
  - Ability to work independently against multiple deadlines and shifting priorities.
  - Servant leadership style.
  - Ability to influence stakeholders and drive security initiatives across the organization.
  - Strong problem-solving and decision-making capabilities.
- Security Knowledge:
  - Understanding of security concepts like threat modeling, risk assessment, access control, encryption, and identity management.
  - Awareness of common security vulnerabilities and mitigation strategies.
  - Knowledge of Security Protocols (HTTPS, SSL, TLS, PCT, IPsec, etc.).
Required Qualifications:
- Four-year or Graduate Degree in Computer Science, Information Systems, or any other related discipline.
- At least 10-15 years of experience with proven experience managing a team of DevSecOps engineers.
- Practical Experience with Azure DevOps / ADO (CI/CD frameworks).
- Practical Experience with AWS services (API GW, VPC, SQS, Lambda, CloudFront, Kinesis).
- Knowledge of Insomnia/Postman, JMeter, or other testing/mocking frameworks.
- AWS Certified DevOps Engineer (preferred).
- Knowledge of serverless architectures, and JSON/SOAP/XML.
- Knowledge of containerization (e.g., Docker) and orchestration (e.g., Kubernetes).
- Knowledge of Observability and backend performance monitoring (New Relic, Dynatrace, Thousand Eyes, Power BI, etc.).
- Experience with network security, including firewalls, VPNs, and intrusion detection/prevention systems.
- Experience with Web Application Firewalls (WAF), Load Balancers, and designing and implementing redundant systems for resilience and high availability (multi-zone, multi-region, multi-vendor, etc.).
Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc.