DevSecOps Leader .
Ally and Your Career
The Opportunity
The Work Itself
- Develop and execute a comprehensive DevSecOps strategy that integrates security into the CI/CD pipelines
- Lead and mentor DevSecOps engineers, fostering a collaborative, high-performance team environment
- Work closely with cross-functional teams (engineering, IT, security, etc.) to ensure alignment on security best practices
- Partner with Development teams to ensure coding standards are in alignment with DevOps practices with respect to Tools, Standards and Security
- Design, implement, and manage secure, automated CI/CD pipelines using GitLab
- Integrate security tools (SAST, DAST, IAST, and open-source vulnerability scanning) into pipelines to catch vulnerabilities early in the development cycle
- Establish security gating mechanisms for code deployments, ensuring that only secure and compliant code is promoted to production
- Manage and secure infrastructure using AWS services (EC2, S3, Lambda, etc.), ensuring best practices in cloud security
- Implement infrastructure-as-code (IaC) with Terraform to provision, manage, and secure cloud resources
- Use containerization technologies (e.g., Docker, Kubernetes) to build, deploy, and manage secure containerized applications
- Implement and manage static and dynamic code analysis tools (e.g., SAST, DAST) to continuously monitor code for vulnerabilities
- Perform security risk assessments, vulnerability management, and remediation of security incidents
- Compliance & Governance
- Enforce compliance policies by integrating automated compliance checks within the DevOps pipeline
- Provide documentation and reporting for internal and external audits
- Work with AI-driven DevOps tools to enhance automation, monitoring, and continuous learning for teams
- Deliver regular training sessions to the development, operations, and security teams to keep security awareness high
The Skills You Bring
- Bachelor’s Degree in Computer Science, Engineering, Information Technology
- 5+ years of experience in DevSecOps, including hands-on experience with DevOps tools and security practices
- 5+ years of experience in Java, JavaScript, and Python coding
- Deep knowledge of CI/CD pipelines, automated deployments, and securing cloud-based applications
- Proficiency in GitLab, AWS, Terraform, Docker, Kubernetes, and related containerization technologies
- Experience with security scanning tools, such SAST, DAST, open-source, or related
- Familiarity with security automation and AI-driven tools in DevOps
- In-depth knowledge of security best practices, compliance standards, and regulatory frameworks
- Experience with AI/ML-based security monitoring tools
- Certifications like AWS Certified Solutions Architect, Certified Kubernetes Administrator (CKA), or Certified DevSecOps Professional
- Familiarity with code coverage tools
How We'll Have Your Back
Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. Our Total Rewards program includes industry-leading compensation and benefits plus additional incentives that are designed to meet your needs and those of your family so you can get the most out of your career and your life, including:
- Time Away: 11 paid holidays, 20 paid time off days, and 8 hours of volunteer time off, yearly (paid time off is prorated based on start date)
- Planning for the Future: plan for the near and long term with an industry-leading 401K retirement savings plan with matching and company contributions, student loan pay downs and 529 educational save up assistance programs, tuition reimbursement, employee stock purchase plan, and financial learning center and financial coach access.
- Supporting your Health & Well-being: flexible health and insurance options including medical, dental and vision, employee, spouse and child life insurance, short- and long-term disability, pre-tax Health Savings Account with employer contributions, Healthcare FSA, critical illness, accident & hospital indemnity insurance, and a total well-being program that helps you and your family stay on track physically, socially, emotionally, and financially.
- Building a Family: adoption, surrogacy and fertility assistance as well as paid parental and caregiver leave, Dependent Day Care FSA back-up child and adult/elder care days and childcare discounts.
- Work-Life Integration: other benefits including Mentally Fit Employee Assistance Program, subsidized and discounted Weight Watchers® program and other employee discount programs.
- Other compensations: depending on the role for which you are considered, you may be eligible for travel allowances, relocation assistance, a signing bonus and/or equity.
- To view more detailed information about Ally’s Total Rewards, please visit this link: https://www.ally.com/content/dam/pdf/corporate/ally-total-rewards-snapshot.pdf
Who We Are:
Ally Financial is a customer-centric, leading digital financial services company with passionate customer service and innovative financial solutions. We are relentlessly focused on "Doing it Right" and being a trusted financial-services provider to our consumer, commercial, and corporate customers. For more information, visit www.ally.com.
Ally is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.
We are committed to working with and providing reasonable accommodation to applicants with physical or mental disabilities. For accommodation requests, email us at work@ally.com. Ally will not discriminate against any qualified individual who is capable of performing the essential functions of the job with or without reasonable accommodation.