Job Description

Saviynt's AI-powered identity platform manages and governs human and non-human access to all of an organization's applications, data, and business processes. Customers trust Saviynt to safeguard their digital assets, drive operational efficiency, and reduce compliance costs. Built for the AI age, Saviynt is today helping organizations safely accelerate their deployment and usage of AI. Saviynt is recognized as the leader in identity security, with solutions that protect and empower the world’s leading brands, Fortune 500 companies and government institutions. For more information, please visit www.saviynt.com

This role requires the definition and execution of the DevSecOps strategy, encompassing the integration of security throughout the CI/CD pipeline and the entire Software Development Life Cycle (SDLC). The role is essential for maintaining the secure and compliant operation of multi-cloud environments (AWS, Azure, GCP) and containerized applications. Candidates must possess profound expertise in security automation, Infrastructure as Code (IaC), and relevant compliance frameworks, such as FedRAMP and NIST.

DevSecOps team plays a crucial role in driving security initiatives by working closely with Engineering, DevOps, InfoSec and Compliance teams to ensure security is embedded throughout the development and deployment lifecycle. The team would also provide clear ownership of security operations, improve risk management, and enable consistent enforcement of security best practices.

WHAT YOU WILL BE DOING

• Define DevSecOps strategy and Influence architecture and platform decisions
• Design and implement secure CI/CD pipelines with integrated security controls
• Embed security practices into SDLC (shift-left approach)
• Integrate and operationalize controls aligned with FedRAMP and cloud security best practices
• Apply secure coding practices aligned with OWASP Top 10 to reduce application vulnerabilities
• Automate security testing (SAST, DAST, SCA, container scanning, IaC scanning)
• Define and enforce secure coding standards and best practices
• Secure cloud environments (AWS / Azure / GCP) following FedRAMP security controls (NIST 800-53) where applicable
• Implement identity and access management (IAM), secrets management, and network security controls
• Harden Kubernetes clusters and containerized workloads
• Build and maintain security automation frameworks
• Develop scripts and tools (Python, Go, Bash) to improve security posture
• Monitor vulnerabilities and drive remediation efforts
• Identify and remediate vulnerabilities mapped to OWASP Top 10 categories

WHAT YOU BRING

• 7+ years of experience in relevant roles
• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field
• Hands-on experience with SAST, DAST, SCA, IaC, and container supply chain security
• Strong understanding of DevOps, DevSecOps, and Security Engineering principles
• Familiarity with compliance frameworks such as FIPS, CIS, FedRAMP, and NIST
• Strong experience with CI/CD tools (Jenkins, GitHub Actions, GitLab CI, etc.)
• Hands-on experience with cloud platforms (AWS, Azure, or GCP)
• Deep understanding of containerization (Docker) and orchestration (Kubernetes)
• Experience with Infrastructure as Code tools (Terraform, CloudFormation, etc.)
• Strong knowledge of application and infrastructure security principles
• Proficiency in scripting or programming languages (Python, Go, Bash, etc.)

Good to have

• Good understanding of AI models like Claude, Gemini and any other GPT models

• Working knowledge of AI Agents, MCP, LangChain, LangGraph and securing them

If required for this role, you will:- Complete security & privacy literacy and awareness training during onboarding and annually thereafter- Review (initially and annually thereafter), understand, and adhere to Information Security/Privacy Policies and Procedures such as (but not limited to):
> Data Classification, Retention & Handling Policy > Incident Response Policy/Procedures > Business Continuity/Disaster Recovery Policy/Procedures > Mobile Device Policy > Account Management Policy > Access Control Policy > Personnel Security Policy > Privacy Policy
Saviynt is an amazing place to work. We are a high-growth, Platform as a Service company focused on Identity Authority to power and protect the world at work. You will experience tremendous growth and learning opportunities through challenging yet rewarding work which directly impacts our customers, all within a welcoming and positive work environment. If you're resilient and enjoy working in a dynamic environment you belong with us!
Saviynt is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.