DevSecOps Architect — AI Security & Supply Chain

Key Responsibilities

• Design, deploy, and operate enterprise artifact repository platforms supporting cloud and hybrid environments.
• Define and enforce package curation, promotion, and trust models aligned with application security and compliance requirements.
• Implement and govern waiver and approval workflows for dependency and artifact usage, ensuring risk‑based decision‑making.
• Partner with AppSec, platform, and engineering teams to standardize secure dependency and artifact consumption patterns.
• Define and maintain repository architectures supporting multiple environments, teams, and trust boundaries.
• Enforce policies ensuring artifact immutability, provenance, versioning, and trusted sourcing.
• Integrate artifact repositories into CI/CD pipelines built on GitHub, Jenkins, and Azure DevOps.
• Embed security controls for AI/ML and GenAI workloads within CI/CD pipelines and developer workflows.
• Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
• Implement safeguards against AI‑specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
• Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
• Collaborate with engineering teams to establish secure‑by‑design AI application architectures.
• Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
• Secure AI‑related secrets, tokens, and API access used in pipelines and applications.
• Monitor and respond to security risks introduced by AI/ML components, including third‑party models and APIs.
• Contribute to AI risk governance, auditability, and traceability across the SDLC.
• Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
• Align artifact and dependency controls with cloud security best practices for deployed applications.
• Monitor usage, risk posture, and effectiveness of artifact controls and drive continuous improvement.
• Develop automation and policy‑as‑code for artifact lifecycle management, approvals, and governance.
• Support security incident investigations related to software supply chain integrity or dependency risk.
• Create documentation, standards, and enablement materials for secure developer adoption.

Required Qualifications

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or equivalent experience.
• 3–6 years of experience in DevSecOps, platform security, or software supply chain security.
• Strong hands‑on experience with JFrog Artifactory, including deployment and enterprise architecture.
• Experience designing package curation and promotion models.
• Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
• Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
• Experience integrating AI or ML components into applications or pipelines (preferred hands‑on exposure).
• Familiarity with Responsible AI principles and AI governance frameworks.
• Experience implementing waiver and approval workflows for dependencies and artifacts.
• Strong understanding of application security principles and dependency risk management.
• Hands‑on experience integrating repositories with GitHub, Jenkins, and Azure DevOps pipelines.
• Experience working in cloud environments (Azure preferred; AWS/GCP acceptable).
• Proficiency with automation and scripting (Python, Groovy, Terraform, etc.).
• Knowledge of modern SDLC and DevSecOps operating models.

Equal Opportunity Employer

S&P Global is an equal opportunity employer and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law.