Overview
Software Security Lead
Reporting to: Software Security Manager
Role Mission
The Software Security Lead operates under the direction of the Software Security Manager, who owns and
Key Responsibilities
1. Software Security Governance & Standardization
- Execute the Secure SDLC framework defined by the Software Security Manager.
- Contribute to the evolution of security policies, standards, and development guidelines.
- Support project teams in applying secure coding, design, and architectural best practices.
- Maintain security documentation, templates, and technical guidance.
2. CI/CD Security & DevSecOps Integration
- Integrate security controls into CI/CD pipelines in cooperation with DevOps teams.
- Automate SAST, DAST, SCA, dependency scanning, and container security checks.
- Ensure CI/CD environments remain compliant with the Secure SDLC and PCI DSS requirements.
3. Risk Analysis, PCI DSS Compliance & Audits
- Support the Software Security Manager in implementing PCI DSS development controls.
- Prepare engineering teams for internal, partner, and external audits.
- Maintain compliance evidence and ensure traceability of security activities.
4. Vulnerability Lifecycle Management
- Lead vulnerability detection, analysis, triage, and remediation activities.
- Monitor SLAs, escalate blockers, and ensure findings are closed in line with internal expectations.
- Contribute to security incident analysis and corrective action plans.
5. Team Enablement & Security Awareness
- Train development, QA, and DevOps teams on secure coding and SSDLC best practices.
- Promote security awareness and proactive risk identification across the business unit.
- Act as the first line of technical support for software security questions and escalations.
Required Skills
Technical Skills
- Strong understanding of application security frameworks (OWASP, CWE, NIST SSDF).
- Hands-on experience with SAST, DAST, SCA, container scanning, and secrets management.
- Familiarity with the technology stack (Java, C, UNIX, PowerCARD ecosystem).
- Strong understanding of DevOps toolchains and multi-site CI/CD operations.
Security & Compliance Skills
- Practical experience implementing SSDLC and DevSecOps principles.
- Knowledge of PCI DSS v4.0 requirements related to software development.
- Experience managing vulnerability lifecycle and coordinating with technical teams.
- Ability to support audits, compliance reporting, and corrective actions.
Leadership & Cross-Functional Skills
- Effective communication with technical teams and management.
- Ability to influence, challenge, and coach teams.
- Strong analytical skills and structured problem-solving.
- Excellent teamwork across multiple company locations.
Profile
- Master’s degree in Computer Science, Cybersecurity, Engineering, or equivalent.
- 8–12 years in application security, DevSecOps, or secure architecture roles.
- Experience in payments or regulated industries is a strong plus.
Key Performance Indicators (KPIs)
- Vulnerability remediation SLA performance.
- PCI DSS compliance readiness and audit outcomes.
- Security control integration coverage in CI/CD pipelines.
- Reduction of repeated vulnerabilities.
- SSDLC adoption and maturity.
- Quality of reporting to the Software Security Manager.
Scope & Collaboration
- Daily collaboration with Development, QA, DevOps, Cybersecurity, Infrastructure, Project & Product teams.
- Influence across the entire business unit.