Security Engineer (Application Security, DevSecOps)

Job Summary

This role involves collaborating with different teams to develop and maintain secure cloud architectures in line with best practices. It includes setting up continuous asset monitoring, administering security controls across cloud infrastructure, and implementing secure practices in development lifecycle and containerization platforms. The role also requires developing automated security tools for integration into the CI/CD pipeline, conducting regular security testing and vulnerability scanning, and assessing data flows for potential security risks. Furthermore, the role involves providing guidance to other teams, managing vulnerability resolution, and participating in incident response efforts. Understanding of secure software development practices and DevSecOps methodologies.

Job Requirements

• Experience in security engineering and DevSecOps.
• Lead and oversee all aspects of the Secure Software Development Lifecycle.
• Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices.
• Conduct threat modeling, design, and architectural reviews to identify potential risks.
• Support third-party penetration testing by analyzing vulnerabilities and assessing their potential impact and exploitability.
• Possess a foundational understanding of web application security.
• Demonstrate strong knowledge of cloud computing platforms like AWS, Azure, GCP and their associated security services and features.
• Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.
• Understand runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle.
• Knowledgeable in Kubernetes and the implementation of best practices.
• Proven expertise in using Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices.
• Handle vulnerability management for images.
• Adaptable and capable of exploring various products with a wide range of tools and pipelines.
• Familiarity with CI/CD tools such as GitHub Actions, Jenkins or TeamCity.
• Stay informed about emerging security threats and technologies, offering recommendations for security enhancements.
• Experience in automating security controls.
• Understanding of networking and communication protocols like TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP.
• Proficiency in scripting or programming languages like Python, Gol, Ruby for security automation and integration.
   

Education

• Required 4 years of experience in the security domain.
• Bachelor's degree in computer science, Information Security, or a related field.