DevMLSecOps Manager

Manager

KPMG Delivery Network (KDN) is seeking a talented DevMLSecOps Manager to lead and implement a holistic approach to developing, securing, and operating our ML systems. You will be pivotal in fostering a culture of security and efficiency throughout the entire ML lifecycle, from data exploration to model deployment and monitoring. This role requires a strong technical foundation in software development, machine learning operations, and security principles, along with team management and collaboration skills.

Key responsibilities include:

1.Integrated Development and Security for ML Systems:•Define and implement DevMLSecOps best practices, integrating security seamlessly into the ML development lifecycle•Establish secure coding standards and guidelines specific to machine learning pipelines and model development.•Design and implement secure and automated CI/CD pipelines for ML models, incorporating security gates and testing at each stage.•Collaborate with Data Scientists and ML Engineers to build secure and robust ML applications and services.2.Secure ML Infrastructure and Deployment:•Architect and maintain secure and scalable infrastructure for training, deploying, and monitoring machine learning models, leveraging cloud platforms (e.g., AWS, Azure, GCP) and containerization technologies (e.g., Docker, Kubernetes).•Implement robust security controls for ML components.•Ensure secure deployment and management of ML models in production environments, including access control, monitoring, and logging.3.ML Security and Vulnerability Management::•Lead threat modeling activities specific to machine learning systems, identifying unique security risks and attack vectors.•Implement and manage vulnerability scanning and security testing tools tailored for ML components and infrastructure.•Establish processes for secure data handling throughout the ML lifecycle, including data encryption, anonymization, and access controls.•Stay current on the latest research and trends in adversarial machine learning and defense mechanisms.4.Automation, Monitoring, and Incident Response for ML Security:•Drive the automation of security tasks within the ML pipeline and infrastructure.•Implement comprehensive monitoring and logging for ML systems, including performance metrics, security events, and anomaly detection.•Develop and maintain incident response plans specifically for security incidents affecting ML systems.•Establish key security metrics and dashboards to track the security posture of ML operations.5.Collaboration, Governance, and Team Enablement:•Collaborate closely with data scientists, developers, DevOps, and Security teams to foster a security-first mindset.•Define and enforce security policies and governance frameworks specific to machine learning.•Drive security training and awareness programs for the AI and development teams on ML-specific security considerations.•Evaluate and recommend security tools and technologies relevant to DevMLSecOps.

Educational Qualifications

•Bachelor’s or Master’s degree in Computer Science, Information Security, Machine Learning, or a related field.•Relevant security certifications (e.g., CISSP, CCSK, cloud security certifications) are a plus. 

Work experience

•8+ years of experience in ML development, DevOps, machine learning operations, and security engineering roles.•Strong understanding of MLOps security, AI adversarial threats, model poisoning , data exfiltration and AI risk frameworks.•Hands-on experience with AI security tools (e.g., ModelScan, RobustML, Microsoft Purview, IBM AI OpenScale).•Experience securing ML pipelines, LLMs, and AI APIs.•Deep knowledge of cryptographic techniques for AI security (homomorphic encryption, secure multi-party computation, differential privacy, etc.).•Familiarity with secure AI coding practices (e.g., Python, TensorFlow, PyTorch, LangChain security best practices). 

Mandatory  technical & functional skills

•Strong proficiency in either Azure or GCP and its security services.•Hands-on experience with containerization and orchestration technologies (Docker, Kubernetes) and their security best practices.•Expertise in implementing and managing CI/CD pipelines, with a focus on integrating security testing and validation.•Experience with security tools and technologies relevant to cloud security, application security, and infrastructure security.•Scripting and automation skills (e.g., Python, Bash) are essential.•Knowledge of data security and privacy regulations (e.g., GDPR, CCPA).

Experience Level

Mid Level