Do you like to create exploits for vulnerabilities, but at the same time help teams deploy mitigations and workarounds for those vulnerabilities to keep them safe? Can you explain a specific vulnerability to individuals who are not tuned to think about application security?

We are looking for a DevSecOps Engineer with a passion to drive automation at all stages of software development, release, operations and maintenance.



Job Description

·      As one of our DevSecOps Engineers, your primary role will be to design, implement, and verify technical solutions to mitigate security issues in the Business IT landscape

·      Perform Design review, Penetration testing, code and configuration review for applications built on modern tech stacks like Java, Node, Go, PHP, Python, Angular, React, NoSQL, etc.

·      You will provide advice on security best practices, and guide teams in developing, adopting, and enforcing security and access policies appropriate to their cloud platforms of choice

·      You will perform VAPT on cloud assets, deliver remediation recommendations, and provide knowledgeable assistance in resolving identified vulnerabilities

·      You will be actively involved in designing, developing, and integrating commercial and open source security tools in the DevOps pipeline

·      Design and implement security automation as part of the continuous integration (CI) and continuous delivery (CD) pipeline of key Business teams in order to proactively uncover security vulnerabilities in a shift-left approach

·      Design and implement secure architecture to protect the confidentiality, integrity, and availability of the CI and CD pipelines of key Business teams

·      Work effectively with various stakeholders from development, quality engineering (QE), program management, documentation, and security teams

·      Create artifacts for various stakeholders and customers


Skills: DevSecOps, Netsparker, Burp Suite, Checkmarx, Gauntlt, Black Duck

Desired Candidate Profile

·      Master’s degree preferred, Bachelor’s in Computer Science or EE is required

·      5+ years’ experience working in an Enterprise grade software application development environment

·      5+ years of experience in designing and developing automation

·      Passion for DevOps and strong skills in at least one scripting language (Python or equivalent)

·      5+ years of experience in application development

·      Direct experience designing and implementing security automation tools as part of the CI and CD Pipeline

·      Proficient in coding and debugging in Java, GoLang, Node, PHP, Angular (at least 2)

·      You have a strong security background, and at least 4 years’ experience in a hands-on application security role, ideally on microservices and cloud platforms

·      You have experience in performing Design review, Penetration testing and Code review on enterprise applications

·      Experience with tools like Fortify, Gauntlt, Veracode, Netsparker, Burp Suite, Checkmarx, Coverity, Black Duck, etc.

·      You will work with Business IT teams to create, update, and implement Information Security designs, standards and procedures

·      Comfortable working hand-in-hand with development and security to support overall business requirements.

·      Experience in automated testing of web applications and web services in a fast-moving and agile environment

·      Experience in setting up and maintaining an automation framework and tests from scratch

·      Experience in security testing of mobile applications is a plus

·      Application security certification like OSWE, GWAPT, OSCP is a plus

·      You have demonstrable experience, with the ability to build strong working relationships with a variety of teams, drive change and see projects to completion

·      You will evaluate and recommend new and emerging security products and technologies

·      You have excellent presentation and writing skills



Contact Details
Website: https://cloudeq.com
Address: Office Suite No 628, Bestech Business Towers
Mohali, Punjab, 160062