DevSecOps Lead

About Us:

YipitData is the leading market research and analytics firm for the disruptive economy and most recently raised $475M from The Carlyle Group at a valuation of over $1B. Every day, our proprietary technology analyzes billions of alternative data points to uncover actionable insights across sectors like software, AI, cloud, e-commerce, ridesharing, and payments.

Our data and research teams transform raw data into strategic intelligence, delivering accurate, timely, and deeply contextualized analysis that our customers, ranging from the world's top investment funds to Fortune 500 companies, depend on to drive high-stakes decisions. From sourcing and licensing novel datasets to rigorous analysis and expert narrative framing, our teams ensure clients get not just data, but clarity and confidence.

What It's Like to Work at YipitData:

YipitData isn't a place for coasting. It's a launchpad for ambitious, impact-driven professionals.

From day one, you'll take the lead on meaningful work, accelerate your growth, and gain exposure that shapes careers.

Why Top Talent Chooses YipitData:

• Ownership That Matters: You'll lead high-impact projects with real business outcomes
• Rapid Growth: We compress years of learning into month
• Merit Over Titles: Trust and responsibility are earned through execution, not tenure
• Velocity with Purpose: We move fast, support each other, and aim high, always with purpose and intention

If your ambition is matched by your work ethic and you're hungry for a place where growth, impact, and ownership are the norm, YipitData might be the opportunity you've been waiting for.

About The Role:

The Security team is seeking a DevSecOps Lead/Staff Engineer to build and scale our secure software development lifecycle and vulnerability management practices across the organization. This role will partner closely with Engineering, Platform, and Security to implement practical security standards and controls from code development through deployment and production.

You will help define how secure software gets built at YipitData by translating security requirements into clear policies, technical standards, and scalable processes. This is a hands-on, cross-functional role focused on improving developer workflows, strengthening CI/CD controls, and driving measurable risk reduction without slowing teams down.

This position reports to the Senior Director of Information Security and offers the opportunity to shape DevSecOps practices at a high-growth company.

This is a remote-friendly opportunity that can sit in NYC (where our headquarters is located), one of our office hubs (Austin, Miami, Los Angeles (CA), and Cupertino (CA)), or anywhere else in the US. However, depending upon where the remote work is performed, income could be subject to New York State tax withholding.

As Our DevSecOps Lead, You Will:

• Own the roadmap for secure SDLC controls and partner with Engineering and Product to roll out standards that are practical, scalable, and auditable.
• Develop and maintain secure development policies, implementation standards, and guidance for engineering teams.
• Drive adoption of key controls across repositories and pipelines, including branch protection, pull request requirements, code review, secrets scanning, dependency scanning, infrastructure-as-code scanning, and container image scanning.
• Partner with Engineering and Product teams to integrate security guardrails into CI/CD workflows and developer tooling.
• Support vulnerability management operations, including intake, triage, remediation tracking, verification, and reporting.
• Build reference implementations, templates, and onboarding guidance to help teams adopt secure patterns consistently.
• Define and report on metrics such as control coverage, vulnerability aging, SLA performance, and remediation progress.
• Prepare audit-ready documentation and evidence that demonstrates controls are implemented and operating effectively.
• Evaluate and prioritize future enhancements such as SAST, DAST, SBOM generation, image signing, and broader software supply chain security improvements.

You Are Likely To Succeed If You:

• Have 6+ years of experience in DevSecOps, security engineering, application security, cloud security, or DevOps, including experience leading cross-functional programs or technical initiatives.
• Have experience building or improving Secure SDLC, CI/CD security, or vulnerability management programs in modern engineering environments.
• Understand Git-based workflows, CI/CD systems, cloud-native development, containers, and repository security controls.
• Have implemented or governed controls such as branch protection, code review, secrets scanning, SAST, SCA, infrastructure-as-code scanning, or container scanning.
• Can translate security requirements into clear standards and practical implementation plans that work for engineering teams.
• Are comfortable influencing stakeholders across Security, Engineering, and leadership.
• Have experience with GitHub Enterprise, GitHub Actions, Jenkins, or similar platforms, preferred.
• Have experience supporting SOC 2, audit readiness, or customer assurance efforts, preferred.
• Are familiar with software supply chain security concepts such as SBOMs, image signing, and artifact integrity, preferred.

What We Offer:

Our compensation package includes comprehensive benefits, perks, and a competitive salary:

We care about your personal life, and we mean it. We offer flexible work hours, flexible vacation, a generous 401K match, parental leave, team events, wellness budget, learning reimbursement, and more. Your growth at YipitData is determined by the impact that you are making, not by tenure, unnecessary facetime, or office politics. Everyone at YipitData is empowered to learn, self-improve, and master their skills in an environment focused on ownership, respect, and trust. See more on our high-impact, high-opportunity work environment above.

The annual base compensation for this position is anticipated to be up to 250k + 10% target variable. The final offer may be determined by a number of factors, including, but not limited to, the applicant's experience, knowledge, skills, abilities, as well as internal team benchmarks.

This role may be performed fully remotely within the United States. Please note that our US headquarters are located in NYC. Income may be subject to New York State tax withholding.

Please note that for this position, we are not able to consider candidates who currently or in the future will require visa sponsorship.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity employer.

Job Applicant Privacy Notice