At Iron Mountain we know that work, when done well, makes a positive impact for our customers, our employees, and our planet. That's why we need smart, committed people to join us. Whether you're looking to start your career or make a change, talk to us and see how you can elevate the power of your work at Iron Mountain.
We provide expert, sustainable solutions in records and information management, digital transformation services, data centers, asset lifecycle management, and fine art storage, handling, and logistics. We proudly partner every day with our 225,000 customers around the world to preserve their invaluable artifacts, extract more from their inventory, and protect their data privacy in innovative and socially responsible ways.
Are you curious about being part of our growth story while evolving your skills in a culture that will welcome your unique contributions? If so, let's start the conversation.
ABOUT THIS OPPORTUNITY.... (Bengaluru, India, Hybrid)
The Opportunity: We are seeking an exceptionally talented and seasoned DevSecOps Leader with over 15 years of progressive experience to champion and drive our DevSecOps initiatives across all product lines. This is a critical leadership role that will be instrumental in integrating security seamlessly into every phase of our software development lifecycle, fostering a security-conscious culture, and building robust, scalable, and secure product delivery pipelines.
You will lead a team of dedicated security and DevOps engineers, working closely with engineering leadership, product management, and other stakeholders to ensure that security is an inherent part of our product development, from design to deployment and operations.
Key Responsibilities:
- Strategic Leadership: Define, develop, and execute the DevSecOps strategy and roadmap, aligning it with the company's overall product and security objectives.
- Architecture & Design: Lead the design and implementation of secure CI/CD pipelines, automated security testing (SAST, DAST, SCA, IAST), and infrastructure as code (IaC) with security best practices embedded.
- Tooling & Automation: Evaluate, select, and implement DevSecOps tools and technologies to enhance security posture, efficiency, and automation. Drive the adoption of these tools across engineering teams.
- Security by Design: Promote and enforce "security by design" principles throughout the software development lifecycle, ensuring security considerations are integrated from the initial stages of product conceptualization.
- Threat Modeling & Risk Management: Lead threat modeling exercises and risk assessments for new and existing products, identifying vulnerabilities and implementing mitigation strategies.
- Vulnerability Management: Establish and mature a robust vulnerability management program, including continuous monitoring, remediation, and reporting.
- Compliance & Governance: Ensure adherence to relevant industry security standards, regulations, and internal policies. Support compliance audits and certifications.
- Cultural Transformation: Foster a strong security-first culture within engineering and product teams through training, awareness programs, and continuous collaboration. Evangelize DevSecOps principles and practices.
- Team Leadership & Mentorship: Build, mentor, and lead high-performing DevSecOps teams. Provide technical guidance, career development opportunities, and performance management.
- Incident Response: Collaborate with the security operations team on incident response planning and participate in investigations related to product security.
- Cross-functional Collaboration: Work closely with Engineering VPs, Directors, Architects, Product Managers, and other stakeholders to integrate security seamlessly into product roadmaps and releases.
- Performance Metrics: Define and track key performance indicators (KPIs) for DevSecOps maturity, security posture, and remediation efforts.
Required Skills and Experience:
- 15+ years of extensive experience in software development, DevOps, and Information Security, with a significant focus on building and leading DevSecOps initiatives in a product-centric environment.
- Proven experience leading DevSecOps transformations in organizations with large-scale product deployments and distributed teams (especially across India).
- Deep expertise in cloud security principles and experience with at least one major cloud provider (AWS, Azure, or GCP).
- Strong understanding of secure coding practices, application security vulnerabilities (OWASP Top 10), and common attack vectors.
- Hands-on experience with DevSecOps tools and technologies, including but not limited to:
  - CI/CD platforms (e.g., Jenkins, GitLab CI/CD, Azure DevOps, CircleCI)
  - Static Application Security Testing (SAST) tools (e.g., SonarQube, Checkmarx, Fortify)
  - Dynamic Application Security Testing (DAST) tools (e.g., OWASP ZAP, Burp Suite, Tenable.io)
  - Software Composition Analysis (SCA) tools (e.g., Snyk, Mend, Nexus Lifecycle)
  - Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible, CloudFormation)
  - Container security tools (e.g., Clair, Trivy, Aqua Security, Twistlock/Palo Alto Networks Prisma Cloud)
  - Security Information and Event Management (SIEM) tools (e.g., Splunk, ELK Stack, Sumo Logic)
- Proficiency in at least one scripting language (e.g., Python, Go, Bash).
- Solid understanding of microservices architecture, APIs, and containerization technologies (Docker, Kubernetes).
- Excellent leadership, communication, and interpersonal skills with the ability to influence and collaborate effectively at all levels of the organization.
- Strong problem-solving abilities and a pragmatic approach to security challenges.
- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- Relevant industry certifications (e.g., CISSP, CISM, CSSLP, GCSA, CCSP) are a plus.
Category: Information Technology