Lead, Dev SecOps (Charlotte, NC)

Great company. Great people. Great opportunities.If you’d like the chance to make your mark with the world’s largest equipment rental provider, come build your future with United Rentals! As a Lead, Dev SecOps, you will own pipeline security, Cisco AI Defense operations, and code hardening practices across the development estate. You will partner with Engineering and Software Development to embed security into every stage of software delivery while operationalizing runtime AI protection for customer-facing LLM features. Oversee a virtual team comprised of dedicated Dev SecOps members and shared resources from other teams. Build a security champions network across development teams and serve as a technical advisor to the AI Governance Committee.**This is a hybrid role in Charlotte, NC**This is a technical leadership role that requires hands-on technical depth, cross-functional leadership, and the ability to build a program from the ground up.What you’ll do:           Pipeline Security & Code HardeningOwn the end-to-end application security pipeline: SAST, DAST, SCA, secrets detection, IaC scanning, and container scanning across the Enterprise code estateDefine and enforce control gatesManage the pipeline gating philosophyOwn the exception register, including time-bound exceptions with named compensating controls and expiry datesDrive migration of production code into Enterprise GitHub to enable uniform scanning, gating, and provenance trackingPartner with technical leaders on activity reviews, finding burn-down, gate friction, and release-level blockersEstablish provenance tagging for AI-generated and third-party code so it passes the same gates as enterprise codeAnalyze modern and legacy programming languagesOversee DevSecOps tie-ins with suppliers performing development activityAI Defense & OperationsOperationalize Cisco AI Defense and Multi-Cloud Defense across the major public cloud providersOperate Cisco AI Defense across the four major capabilities: Model & App Validation (algorithmic red-teaming with gate evidence), Runtime Protection (prompt injection, jailbreak, data exfiltration filtering), Knowledge Security (data loss prevention and control), and Cloud & Asset Visibility (AI inventory across AWS/GCP/Azure/Oracle)Serve as a technical advisor to the AIGC, delivering validation reports, AI SBOMs, and risk inputsDefine and enforce AI guardrails policy including data classification enforcement, prompt injection defense, output safety controls, and agent action/tool-use limits partnering with development and product teamsOversee the phased AI Defense deployment roadmap from foundation through full enforcementOversee IAM and SSO integrations with both internally developed and SaaS toolsCoordinate with SecOps on incident response and playbook development related to DevSecOps and AI securityConsult on shadow AI discovery and employee AI tool usageAI Defense & OperationsLead the DevSecOps Analyst, setting priorities, developing skills, and reviewing work qualityCoordinate the engineering resources on pipeline engineering, tool administration, and cloud posture workBuild and sustain a security champions network with champions in each development team, providing coaching, training, and supportDeliver OWASP-aligned secure code training (Top 10, API Top 10, LLM Top 10, Code Hardening) and role-based / language-based deep dives for development teamsFacilitate DevSecOps working sessions, leadership syncs, and executive reportingPublish program metrics regularlyPartner with Sourcing to oversee supplier relationships tied to DevSecOpsRequirements:Bachelor’s degree in computer science, cybersecurity, software engineering, or comparable work experience7+ years of experience in application security, DevSecOps, DevOps, or security engineering rolesProven track record of building or significantly maturing a pipeline security program (SAST, DAST, SCA, secrets, containers)Hands-on experience integrating security tools into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, or similar)Strong understanding of modern software development practices such as Git workflows, containerization, infrastructure as code, and cloud-native architecturesExperience defining and enforcing security gates in a development pipeline without creating undue frictionDemonstrated ability to lead cross-functional initiatives involving development, infrastructure, and security teamsExperience mentoring junior security team membersStrong written and verbal communication skills, including the ability to present technical findings and program status to executive audiencesAdvanced organizational skills, ability to successfully manage multiple tasks/incidentsExperience with Snyk, Burp Suite, Aikido, or similar SAST/DAST/SCA platformsFamiliarity with AI/ML security concepts: prompt injection, model validation, AI supply chain riskExperience with Cisco AI Defense or similar AI runtime protection platformsCISSP, CSSLP, GWEB, GWAPT, or comparable work experienceExperience with OWASP frameworks (Top 10, API Top 10, ASVS, SAMM)Familiarity with scripting and automation (Python, PowerShell, Bash, or similar) for pipeline integrationExperience operating in a partnership-first model with development teams rather than a gate-and-block approachPreferred: PHP, RPG, JavaScript experienceWhy join us?We don’t just “talk the talk!” We’re an award-winning company (recently named a Glassdoor Best Place to Work in 2026) that truly cares about our people - That’s why we offer best-in-class benefits and perks that will support you and your family. In addition to our health and financial plans, we also offer:Paid Parental LeaveUnited Compassion FundEmployee Discount ProgramCareer Development & Promotional OpportunitiesAdditional Vacation Buy Up Program (US Only)Early Wage Access through Payactiv (US Hourly Only)Paid Sick LeaveAn inclusive and welcoming cultureExplore our comprehensive U.S. benefit offerings For Canadian benefits, click hereUnited Rentals