The Senior DevSecOps Security engineer will be responsible for driving the security testing services enabled by the DevSecOps group, all through the lifecycle of an application with the required processes and technologies.

This includes cultivating a mindset of #securebydesign within the developer community, support driving of automation via the application’s CI / CD Pipeline and supporting vulnerability remediation.

 

Skillset required:

Experience in Security testing activities such as SAST, DAST, Container Image scanning and associated tools. Deep understanding of modern web application architectures including Microservices, SPAs, and APIs Experience with writing automation scripts. Experience with, or knowledge of common DevOps platforms such as Tekton, CloudBuild, Github Actions etc. Experience with, or knowledge of one or more cloud platforms, such as GCP, Azure or AWS. Strong ability to run projects with quality, and ability to groom other team members. Good knowledge of Agile processes (planning/standups/retros etc.)  Knowledge of AI / ML and LLMs

 

Qualifications required:

Seven+ years of experience in DevSecOps or Application Security Testing or Web application development. MCA or B.E/B.Tech (Computer Science/IT) or MS-IT from an accredited institution DevSecOps or Application Security related certifications are preferred. Knowledge on Information Security Policies / Frameworks Self-Starter who can work in ambiguous situations and drive to a solution Strong interpersonal skills, including ability to educate and influence Good communication and presentation skills Willingness to learn new technologies and concepts Willing to work flexible hours across time zones to support global applications. 

Position responsibilities include:

Define the policies and processes necessary to support DevSecOps for the Enterprise. Manage and drive existing and new DevSecOps Services and initiatives. Engage early with developers in the software lifecycle development lifecycle and support enablement of security testing all through the lifecycle. Identify and implement opportunities for automating security testing and enabling it via the application’s CI / CD pipeline. Facilitate the seamless onboarding of applications into security tools and provide necessary guidance to developers around performing scans. Support application teams with the remediation of vulnerabilities and weaknesses identified as part of security testing. Spread awareness about application security and DevSecOps to the development community. Working closely with security tool vendors on bug fixes and feature requests. Produce and report necessary operational and vulnerability metrics to cyber and operations Leadership.