Skip to main content
Tallo logoTallo logo
Apply for this opportunity

This job application is on an outside website. Be sure to review the job posting there to verify it's the same.

DevSecOps & Supply Chain Security Consultant

Job

Digital Dhara LLC

Tewksbury, MA (In Person)

Full-Time

Posted 3 weeks ago (Updated 1 week ago) • Actively hiring

Expires 7/29/2026

Review key factors to help you decide if the role fits your goals.
Pay Growth
?
out of 5
Not enough data
Not enough info to score pay or growth
Job Security
?
out of 5
Not enough data
Calculating job security score...
Total Score
77
out of 100
Average of individual scores

Were these scores useful?

Skill Insights

Compare your current skills to what this opportunity needs—we'll show you what you already have and what could strengthen your application.

Job Description

Role Summary Assess software supply chain security, SDLC maturity, SBOM governance, CI/CD pipeline controls, secrets management, logging/auditability, and vulnerability management to support lifecycle security evaluation and compliance traceability. Key Responsibilities Review SDLC processes, tooling, and secure development practices Assess software supply chain security, including
SCA, SBOM
accuracy/completeness, dependency governance, and third-party risk Evaluate CI/CD pipeline security, artifact integrity, and secure release controls Review secrets management across development, build, deployment, and operational environments Assess logging, auditability, and security event traceability controls Evaluate vulnerability management, remediation tracking, and patch governance processes Support lifecycle security assessment, compliance evidence mapping, and traceability Contribute to assessment reporting, remediation guidance, and release governance reviews
Required Skills & Experience Mandatory:
Strong understanding of DevSecOps and secure software delivery practices Experience with SBOM frameworks (Cyclone
DX, SPDX
) and SCA tooling Familiarity with CI/CD security controls and artifact integrity validation Experience with vulnerability management and dependency governance programs Understanding of lifecycle security, auditability, and compliance evidence requirements Experience with secrets management and secure release governance Good to have: Experience participating in CRA or regulated product security, or compliance-driven cybersecurity assessments Experience participating in engagement related to export-controlled environments Strong documentation skills Preferred Certifications Kubernetes / Cloud Security certifications preferred DevSecOps or secure software supply chain experience preferred Familiarity with SLSA or modern software supply chain security practices Clearance / Compliance Requirements Years of Required Experience 7-10 years in setting up, maintaining and controls validation of Secure. CI/CD pipelines across different type of tech stack. 2+ Years experience with SBOM analysis