Senior DevSecOps - Cyber Security (Consulting)

Job summary

Cognizant is seeking a Senior DevSecOps / Security Consultant to enhance security practices within client software delivery lifecycles. This role involves assessing current DevSecOps capabilities, embedding existing security tools into developer workflows, and coaching engineering teams to build and operate platforms securely by default. The consultant will act as a bridge between Information Security and Engineering, promoting a continuous, automated, "shift-left" security model.

Qualifications

• Career built in cyber security, application security, or DevSecOps (not as a developer who pivoted to security)
• Comfortable reading pipelines, IaC, and application code to engage in technical conversations with senior engineers
• Pragmatic, collaborative, and delivery-minded approach to security
• Demonstrable experience running DevSecOps or AppSec maturity assessments using OWASP SAMM and/or NIST SSDF, and translating findings into prioritized roadmaps
• Track record of embedding security tooling into existing developer workflows, driving adoption, tuning signal-to-noise, and improving developer experience
• Working knowledge of CI/CD security tooling (SAST, SCA, DAST, IaC scanning, secrets detection) and platforms (GitHub Actions, Azure DevOps, GitLab)
• Solid grounding in container and cloud workload security (Docker, Kubernetes, Azure, AWS, or GCP)
• Experience facilitating threat-modeling and secure design workshops with diverse audiences, including practical use of STRIDE and MITRE ATT&CK
• Familiarity with OWASP (ASVS, Top 10, SAMM), NIST (SSDF, CSF), and MITRE ATT&CK, with practical application ability
• Strong communication skills to explain complex risks to developers, delivery leads, and CISOs, adjusting communication style as needed

Responsibilities

• Run DevSecOps Maturity Assessments
• Conduct comprehensive, evidence-based audits of client DevSecOps capabilities against industry frameworks (OWASP SAMM, NIST SSDF, OWASP ASVS, NIST Cybersecurity Framework, MITRE ATT&CK)
• Assess adoption, configuration, and effectiveness of existing controls (SAST, SCA, DAST, IaC scanning, container security, secrets management)
• Engage stakeholders (engineering, platform, InfoSec, product) to gather qualitative and quantitative evidence (interviews, workshops, pipeline telemetry, scan coverage, finding-to-fix data)
• Score product lines against SAMM business functions (Governance, Design, Implementation, Verification, Operations) and produce maturity scorecards
• Produce prioritized 12-month roadmaps, sequenced by risk reduction, delivery effort, and developer impact, aligning with broader security strategy
• Re-baseline maturity periodically to track progress
• Embed existing security tooling into developer workflows
• Integrate, configure, and ensure understanding of tools like Snyk, SonarQube, GitHub Actions, Azure DevOps, GitLab
• Tune signal-to-noise ratio, triage backlogs, suppress false positives, and calibrate severity thresholds
• Refine CI/CD security gates to protect security outcomes and developer flow
• Improve developer experience with clearer failure messages, faster feedback, IDE/pre-commit integrations, and golden-path templates
• Curate and maintain a library of secure CI/CD reference patterns
• Coach and enable engineering teams
• Embed with developer squads as a trusted security partner, attending stand-ups, sprint planning, and design reviews
• Run secure-coding clinics, brown-bag sessions, and pairing sessions to uplift security capability
• Translate vulnerability findings into clear, contextualized remediation guidance
• Champion a "security as an enabler" culture, building credibility through pragmatism and delivery awareness
• Develop enablement materials (playbooks, cheat sheets, onboarding guides)
• Lead threat modeling and secure design

Skills

Certifications

Relocation