Role Description
We are looking for a Senior Manager, DevSecOps to lead a group of engineers working across multiple teams integrating security into our DevOps, CI/CD, IaC pipelines, and AI/ML workloads, ensuring secure, compliant, and efficient software delivery across the organization.
As a DevSecOps Sr. Manager at DoubleVerify, you will oversee technical design and execution across multiple functional areas while providing strategic leadership on DevSecOps best practices, cloud-native security, AI/ML security, and automation.
You will lead teams of 2-5+ DevSecOps and security engineers across multiple infrastructure areas, fostering a culture of security throughout the software development lifecycle (SDLC) and AI/ML pipelines.
This role requires balancing technical depth in areas such as Infrastructure-as-Code (IaC), container security, and AI security with strategic leadership to drive security initiatives across the organization. The ideal candidate will serve as a technical leader who can architect secure solutions for both traditional and AI workloads, develop their teams' capabilities, and work cross-functionally with engineering teams to embed security practices into every stage of development, deployment, and AI model lifecycle.
Responsibilities
- Manage and lead multiple DevSecOps teams, mentor and hire senior DevSecOps and security engineers, building high-performing teams focused on security excellence across traditional and AI workloads.
- Secure AI/ML pipelines and infrastructure by implementing security controls for model deployment environments, ensuring protection against AI-specific threats such as prompt injection, data poisoning, and model extraction.
- Establish AI security governance frameworks including policies for LLM usage, RAG (Retrieval Augmented Generation) systems security, MCP (Model Context Protocol) security, and AI supply chain risk management.
- Implement automated security scanning for AI artifacts including model files, training datasets, and AI-generated code, integrating these checks into CI/CD pipelines alongside traditional SAST, DAST, and SCA tools.
- Oversee security for AI workload identity and access management, ensuring proper authentication, authorization, and encryption for AI services, APIs, and vector databases used in RAG systems.
- Lead AI security incident response for threats specific to AI/ML systems including adversarial attacks, model theft, data leakage through LLM outputs, and unauthorized AI service usage.
- Ensure adherence to compliance standards such as SOC 2, ISO 27001, SOX, and MRC by automating compliance evidence collection, with special focus on AI governance and responsible AI principles.
- Define and execute DevSecOps strategy aligned with business objectives, security requirements, and emerging AI security best practices across the organization.
- Create architecture designs for security systems and services spanning multiple teams and infrastructure areas, including AI-specific security architectures.
- Drive continuous improvement of security automation, AI security tooling, and processes across traditional and AI workloads.
- Establish security metrics and KPIs to measure team effectiveness, security posture, and AI risk exposure.
- Foster a culture of security awareness and AI security best practices across engineering, data science, and product teams.
- Collaborate with senior/executive management regularly on security strategy, AI risk management, and cross-organizational security initiatives.
Qualifications
- 5-6+ years of experience in Cybersecurity/DevOps or DevSecOps, with proven experience leading security teams of ~5+ engineers across multiple infrastructure areas.
- Bachelor's degree in Computer Science, Information Systems, or equivalent experience in a related field.
Requirements
- AI/ML Security: LLM security (prompt injection, jailbreaking, data leakage), model security, AI supply chain security, adversarial ML defense, RAG system security, vector database security, MCP security.
- AI Governance & Compliance: Responsible AI frameworks, AI risk assessment, model governance, AI audit trails, privacy-preserving ML techniques.
- AI Pipeline Security: Securing model training environments, ML pipeline security, model versioning and provenance, AI artifact scanning, AI workload isolation.
- AI Identity & Access: AI service authentication, API security for AI endpoints, token management for LLM services, workload identity for AI inference.
- Network Security: Firewalls, segmentation, intrusion detection/prevention systems, AI traffic analysis.
- Encryption and Cryptography: TLS/SSL, certificate management, encryption at rest and in transit, secure model storage.
- Identity and Access Management: IAM, Keycloak, Teleport, Workload Identity, AI service accounts.
- Operating System Security: Hardening, patch management, compliance frameworks.
- Application Security: Container security, Kubernetes security policies, SAST, DAST, SCA tools, AI-generated code scanning.
- Threat Intelligence and Analysis: Vulnerability scanning, AI threat detection, adversarial attack detection.
- Incident Response and Forensics: Security incident handling, AI-specific incident investigation, model forensics.
- Risk Management and Compliance: SOC2, ISO 27001, SOX, AI governance frameworks, audit preparation and evidence collection.
- Security Architecture and Design: Zero Trust principles, defense in depth strategies, AI security architecture patterns.
- Automation and Scripting: Security automation, ACME, certbot, Python, Bash, AI security tooling automation.
- Cloud Security: GCP, AWS, OCI security controls and best practices, AI service security configurations.
Benefits
- Competitive salary range: $131,000 - $260,000 based on qualifications.
- Eligible for bonus/commission (as applicable), equity, and benefits.
Company Description
DoubleVerify is a big data and analytics company. We track and analyze tens of billions of ads every day for the biggest brands in the world like Apple, Nike, AT&T, Disney, Vodafone, and most of the Fortune 500 companies.
We operate at a massive scale: our backend handles 100B+ events per day, and we analyze and process those events in real time while making decisions on the environment where the ad is running and all the user interactions during the ad display lifecycle.
We are global, with R&D centers in New York, Paris, London, Munich, Belgium, and more.
We believe that hiring people with a broad range of technical skillsets results in the highest satisfaction for our engineers and a strong return on investment for the company.