Security Engineer - DevSecOps

Security Engineer - DevSecOps

The DevSecOps Security engineer will be responsible for enabling security testing services all through the lifecycle of an application with the required processes and technologies. This includes cultivating a mindset of #securebydesign within the developer community, support driving of automation via the application’s CI / CD Pipeline and supporting vulnerability remediation.

Position responsibilities include:

• Define the policies and processes necessary to support DevSecOps for the Enterprise.
• Engage early with developers in the software lifecycle development lifecycle and support enablement of security testing all through the lifecycle.
• Identify and implement opportunities for automating security testing and enabling it via the application’s CI / CD pipeline.
• Facilitate the seamless onboarding of applications into security tools and provide necessary guidance to developers around performing scans.
• Support application teams with the remediation of vulnerabilities and weaknesses identified as part of security testing.
• Spread awareness about application security and DevSecOps to the development community.
• Working closely with security tool vendors on bug fixes and feature requests.
• Produce and report necessary operational and vulnerability metrics to cyber and operations Leadership.

Skillset required:

• Experience in Security testing activities such as SAST, DAST, Container Image scanning and associated tools.
• Deep understanding of modern web application architectures including Microservices, SPAs, and APIs
• Experience with writing automation scripts.
• Experience with, or knowledge of common DevOps platforms such as Tekton, CloudBuild, Github Actions etc.
• Experience with, or knowledge of one or more cloud platforms, such as GCP, Azure or AWS.
• Good knowledge of Agile processes (planning/standups/retros etc.) 
• Knowledge of AI / ML and LLMs

Qualifications required:

• Three+ years of experience in DevSecOps or Application Security Testing
• MCA or B.E/B.Tech (Computer Science/IT) or MS-IT from an accredited institution
• DevSecOps or Application Security related certifications are preferred.
• Knowledge on Information Security Policies / Frameworks
• Self-Starter who can work in ambiguous situations and drive to a solution
• Strong interpersonal skills, including ability to educate and influence
• Good communication and presentation skills
• Willingness to learn new technologies and concepts
• Willing to work flexible hours across time zones to support global applications.