DevSecOps Security Engineer
Posted on :
17-10-2023
Employer Active
The job posting is outdated and position may be filled
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Responsibilities:
- We are looking for a DevSecOps or Application Security hire
- Location preference: TX, PA, NC, AZ
- Provide technical security risk oversight of our Infosys partner including
- Review and approval of security vulnerability acceptance requests
- Ensure adherence to security requirements and vulnerability remediation SLAs
- Active participation in recurring security and vulnerability oversight meetings
- Assist with daily DevSecOps Security Assurance operational and enforcement processes for our current suite of security automation tools.
- Provide support to IT teams for enhancing security and protection controls in relation to security automation, CI/CD, DevSecOps, and vulnerability remediation.
- Participate in DevSecOps Security Assurance projects and initiatives as assigned.
Qualifications
- Experience working with widely used security automation technologies such as
Static Application Security Testing (SAST) Software Composition Analysis (SCA) Open Source software vulnerabilities Dynamic Application Security Testing (DAST) Interactive Application Security Testing (IAST) Container and image security scanning
- API security scanning
- Practical experience analyzing vulnerability data to understand and communicate risks, concerns and outcomes of decisions
- Experience with CI/CD pipeline tools and technologies such as Bamboo, Jenkins, GitHub, GitHub Actions, Artifactory, Nexus, Docker, Kubernetes, Ansible, or Terraform, and Atlassian Suite (Jira, Confluence, Bitbucket)
- Working knowledge of OWASP Top 10, SANS Top 25, NIST/NVD (National Vulnerability Database), CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), technical security vulnerability remediation/mitigation, and security risk oversight
- Strong, demonstrated analysis and problem-solving, communication, interpersonal skills
- Professional security certification in good standing such as ISC2 CISSP, ISC2 Certified Secure Software Lifecycle Professional (CSSLP), GIAC Security Essentials Certification (GSEC), or CompTIA Security+
- Recent software engineering experience is a plus
- Experience with scripting languages such as PowerShell, Python, Bash, or Postman is a plus
Top 3 skills:
- Working knowledge of OWASP Top 10, SANS Top 25, NIST/NVD (National Vulnerability Database), CVSS (Common Vulnerability Scoring System), CVE (Common Vulnerabilities and Exposures), technical security vulnerability remediation/mitigation, and security risk oversight
- Practical experience analyzing vulnerability data to understand and communicate risks, concerns and outcomes of decisions.
- Experience working with widely used security automation technologies such as:
- Static Application Security Testing (SAST)
- Software Composition Analysis (SCA)
- Open Source software vulnerabilities
- Dynamic Application Security Testing (DAST)
- Interactive Application Security Testing (IAST)
- Container and image security scanning
- API security scanning
Required Skills : DevOps,Python
Additional Skills : Software Developer
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
