About this role
Software Quality & Compliance Lead
Application Deadline: 31 March 2026
Department: Recruiting Done
Employment Type: Full Time
Location: Santa Monica
Compensation: $90,000 - $100,000 / year
Description
Role SummaryOur client is looking for a Software Quality & Compliance Lead who will own the end-to-end quality bar across products and services. Define engineering standards, lead independent verification & validation, and operate the final quality/compliance gate before releases.
Key Responsibilities
- Define, maintain, and enforce secure SDLC and quality policies across codebases and services.
- Lead independent V&V activities with objective evidence for acceptance.
- Conduct systematic code and design reviews (manual + tool-assisted) to prevent defects and regressions.
- Build and maintain automated quality gates in CI/CD (tests, coverage, SAST/DAST/SCA, license checks, SBOM generation).
- Drive software supply-chain hygiene (dependency governance, artefact signing, provenance, vulnerability SLAs).
- Own test strategy: plans, requirements traceability, environments, data, and the full defect lifecycle (triage → fix → verify → close).
- Prepare audit-ready documentation (test reports, risk registers, CAPAs) and lead corrective/preventive actions.
- Mentor engineers; publish playbooks, checklists, and run training sessions.
- Define and report KPIs (defect escape rate, MTTR for vulnerabilities, coverage, flaky-test rate, policy adherence).
- Serve as final go/no-go approver against quality and compliance criteria.
Skills, Knowledge and Expertise
Qualifications Required:- 5+ years in software quality, DevSecOps, security engineering, or V&V for cloud, distributed, or embedded/edge systems.
- Hands-on experience with automated testing and CI/CD quality gates.
- Proficiency with at least two of: SAST, DAST, IAST, SCA, coverage/reporting frameworks, and end-to-end testing tools.
- Strong grasp of secure SDLC and modern software supply-chain practices (SBOMs, attestations, artefact signing).
- Proficiency in one or more languages (e.g., Python, TypeScript/JavaScript, Go, C/C++).
- Excellent documentation discipline and clear, concise communication.
- Background in mission-critical, safety-critical, or regulated environments.
- Threat modelling and risk management (e.g., STRIDE), fuzzing, and runtime security.
- IaC security and policy-as-code (e.g., Terraform, OPA).
- Familiarity with standards/guidelines like CERT or MISRA, where relevant.
- Prior experience leading a quality/compliance or V&V function.
- Versioning/CI: GitHub/GitLab, CI runners
- Code Quality: CodeQL, Semgrep, SonarQube
- App Sec: OWASP ZAP/Burp, Snyk/Dependabot, Trivy/Grype
- Testing: pytest, Jest, Playwright/Cypress
- Governance: SBOM (CycloneDX/SPDX), artefact signing (e.g., cosign), reporting dashboards
Benefits
- Collaborative, supportive team culture where cross-functional work is the norm, and everyone contributes to problem-solving.
- Fast-paced, innovation-driven culture that values creativity, problem-solving, and technical mastery.
- Flexible PTO and comprehensive benefits that support work–life balance.