Do you like to create exploits for vulnerabilities, but at the same time help teams deploy mitigations and workarounds for those vulnerabilities to keep them safe? Can you explain a specific vulnerability to individuals who are not tuned to think about application security?
We are looking for a DevSecOps Engineer with a passion to drive automation at all stages of software development, release, operations and maintenance.
· As one of our DevSecOps Engineers, your primary role will be to design, implement, and verify technical solutions to mitigate security issues in the Business IT landscape
· Perform design review, penetration testing, and code and configuration review for applications built on modern tech stacks like Java, Node, Go, PHP, Python, Angular, React, NoSQL, etc.
· You will provide advice on security best practices, and guide teams in developing, adopting, and enforcing security and access policies appropriate to their cloud platforms of choice
· You will perform VAPT on cloud assets, deliver remediation recommendations, and provide knowledgeable assistance in resolving identified vulnerabilities
· You will be actively involved in designing, developing, and integrating commercial and open source security tools in the DevOps pipeline
· Design and implement security automation as part of the continuous integration (CI) and continuous delivery (CD) pipeline of key Business teams in order to proactively uncover security vulnerabilities in a shift-left approach
· Design and implement secure architecture to protect the confidentiality, integrity, and availability of the CI and CD pipelines of key Business teams
· Work effectively with various stakeholders from development, quality engineering (QE), program management, documentation, and security teams
· Create artifacts for various stakeholders and customers
· Master’s degree preferred, Bachelor’s in Computer Science or EE is required
· 5+ years’ experience working in an Enterprise grade software application development environment
· 5+ years of experience in designing and developing automation
· Passion for DevOps and strong skills in at least one scripting language (Python or equivalent)
· 5+ years of experience in application development
· Proficient in coding and debugging in Java, GoLang, Node, PHP, Angular (at least 2)
· You have a strong security background, and at least 4 years’ experience in a hands-on application security role, ideally on microservices and cloud platforms
· You have experience in performing design review, penetration testing and code review on enterprise applications
· Experience with tools like Fortify, Gauntlt, Veracode, Netsparker, Burp Suite, Checkmarx, Coverity, Black Duck, etc.
· You will work with Business IT teams to create, update, and implement Information Security designs, standards and procedures
· Comfortable working hand-in-hand with development and security to support overall business requirements.
· Experience in automated testing of web applications and web services in a fast-moving and agile environment
· Experience in setting up and maintaining an automation framework and tests from scratch
· Experience in security testing of mobile applications is a plus
· Application security certification like OSWE, GWAPT, OSCP is a plus
· You have demonstrable experience, with the ability to build strong working relationships with a variety of teams, drive change and see projects to completion
· You will evaluate and recommend new and emerging security products and technologies
· You have excellent presentation and writing skills