Gainwell Technologies

Director of Application and DevSecOps Security

Texas, United States | Posted 1 week ago | $150,200.00 - $214,500.00 per year

At a Glance

10+ years experience, AWS, Azure, GCP, Kubernetes, CI/CD

About This Role

The Director of Application & DevSecOps Security is responsible for leading the organization's strategy and execution of secure software development practices across application security, API security, and DevOps (shift-left) initiatives. This role establishes and enforces SDLC security policies, defines secure design requirements, and builds scalable training programs to embed security into the engineering culture, ensuring the organization can deliver secure, resilient, and compliant solutions at scale. This leader partners cross-functionally with Engineering, Product, DevOps, and Risk teams to ensure security is integrated early and continuously throughout the development lifecycle.

Responsibilities

  • Define and lead the enterprise Application Security and DevSecOps strategy aligned to business objectives.
  • Build and mature a shift-left security program integrated into CI/CD pipelines.
  • Establish and implement a roadmap for API security, including governance, discovery, and runtime protection.
  • Balance governance with enablement by establishing guardrails, reusable patterns, and self-service security tooling that empower engineering teams.
  • Lead, mentor, and grow a high-performing security engineering team.
  • Oversee secure coding practices, SAST/DAST/SCA tooling, and vulnerability management processes.
  • Define API security standards including authentication, authorization, rate limiting, and data protection.
  • Drive threat modeling practices across critical applications and services.
  • Partner with engineering and development teams to remediate risks and improve secure design patterns.
  • Embed automated security controls into CI/CD pipelines.
  • Champion developer-first security tooling and workflows.
  • Partner with DevOps teams to ensure secure infrastructure-as-code (IaC) practices.
  • Measure and improve security posture through pipeline metrics and KPIs.
  • Define and maintain secure SDLC policies, standards, and control frameworks.
  • Establish secure design and architecture requirements for new systems.
  • Ensure alignment with regulatory and compliance requirements (e.g., SOC 2, ISO 27001, NIST).
  • Lead security reviews and design approvals for critical initiatives.
  • Design and implement role-based and just-in-time developer security training programs.
  • Build secure coding guidelines and internal knowledge resources.
  • Drive security awareness and culture across engineering teams.
  • Partner with leadership to ensure adoption and accountability.
  • Define KPIs and KRIs for application and DevSecOps security maturity.
  • Report on risk posture, vulnerabilities, and program effectiveness to executive leadership.
  • Continuously assess and improve tooling, processes, and coverage.

Requirements

DevSecOps, SAST, DAST, SCA, CI/CD, AWS, Azure, GCP, Kubernetes
  • 10+ years of experience in cybersecurity with a strong focus on application security and DevSecOps.
  • 5+ years in a leadership or director-level role managing teams.
  • Deep expertise in secure SDLC, application security testing (SAST, DAST, SCA), and API security.
  • Experience integrating security into CI/CD pipelines and cloud-native environments (AWS, Azure, or GCP).
  • Experience with container security, Kubernetes security, serverless security concepts and delivery.
  • Strong knowledge of modern architectures (microservices, containers, Kubernetes).
  • Proven experience building security programs and influencing engineering culture.

Benefits & Perks

  • Fully Remote Opportunity – Work from anywhere in the U.S.
  • Minimal Travel Required – Occasional travel opportunities (0-20%)
  • Generous, flexible vacation policy
  • 401(k) employer match
  • Comprehensive health benefits
  • Educational assistance
  • Leadership and technical development academies
  • Work flexibility and career development opportunities

About Gainwell Technologies

Gainwell Technologies is a prominent provider of digital and cloud-enabled solutions for health and human services programs, boasting over 50 years of experience in healthcare technology. The company specializes in Medicaid administration and serves clients across all 50 U.S. states and territories. Established in 2020 through a divestiture from DXC Technology, Gainwell expanded its capabilities with the acquisition of HMS, Inc. in 2021 and is headquartered in McLean, Virginia. Gainwell offers a range of services designed to modernize public health and human services. Their core solutions include data and analytics tools, provider solutions, and systems integration services. They focus on enhancing care delivery, improving outcomes for vulnerable populations, and ensuring cost savings. Gainwell's innovative offerings leverage cloud-ready platforms and AI to provide actionable insights, optimize medication management, and support community well-being. The company primarily serves government agencies, health plans, and managed care organizations, impacting approximately 70 million Medicaid enrollees nationwide.

Industry

information technology & services

Employees

11,000

1601 engineers

Revenue

$1.4B

Security at Gainwell Technologies

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Gainwell's AppSec philosophy is centered on a 'developer-first' approach, aiming to champion security tooling and workflows that enable rather than hinder development.
  • Their mission is to align DevSecOps strategy with business objectives while driving threat modeling across critical applications.
  • The organization prioritizes shifting security 'left' by integrating programs directly into CI/CD pipelines and moving from reactive remediation to proactive prevention using 'as code' models.

Security Team

Gainwell Technologies' Application Security team is led by a Director of Application and DevSecOps Security who is responsible for defining enterprise strategy. The team operates cross-functionally, partnering with Engineering, Product, DevOps, and Risk teams. Key public-facing leaders include Rob D'Alessandro (Director, Information Security Client Delivery) and Stan Kowalski (Director of IT Security - Identity). As of May 2026, there are at least two active leadership-level job postings for the security organization. A specific team size estimate is not publicly available.

Key Initiatives

Current initiatives at Gainwell include building and maturing a 'shift-left' security program integrated into CI/CD pipelines and establishing a roadmap for API security that covers governance, discovery, and runtime protection. The team is also focused on driving threat modeling practices across critical applications. Vulnerability management is a core workflow, with efforts directed toward remediation and adherence to SLA/SLO standards. There is no public evidence of an active Security Champions program.
