- Embed security into CI/CD pipelines, including Infrastructure as Code scanning, secrets management, Software Composition Analysis, policy-as-code, and deployment guardrails.
- Automate vulnerability management, patching, and remediation across cloud and containerized workloads.
- Harden cloud and Kubernetes environments through secure configurations, network segmentation, and workload identity management.
- Advance supply chain security by managing SBOMs, artifact signing, and dependency governance.
- Develop secure deployment patterns, including canary rollouts, safe rollbacks, and guardrails to minimize impact.
- Conduct security design reviews and threat modeling for new services and major architecture changes.
- Strengthen identity and access management practices, enforcing least privilege and secure secrets lifecycle.
- Support compliance and audit readiness by operationalizing controls and maintaining documentation.
- Partner with engineering teams to champion secure coding practices and risk-based decision-making.
- Define and report key security KPIs, driving continuous improvement across infrastructure and platform security.