DevSecOps Security Engineer

The DevSecOps Security engineer ensures that every step of the software development lifecycle (SDLC) follows security best practices. They are also responsible for guiding the teams to adhere to secure coding principles and aid in testing the application against security risks/parameters before release.

Responsibilities

• Perform security-focused code reviews
• Assist teams in triaging and addressing application security vulnerabilities.
• Knowledge of Risk mitigation techniques and fixing the code bugs
• Monitoring the CI/CD Pipeline related processes during the lifecycle for its adherence to Security practices and updating or creating new processes for improvement as needed
• Support and consult with product and development teams in the area of application security
• Identifying and deploying cybersecurity measures by continuously performing vulnerability assessment and risk management
• Providing secure software development related training and outreach to internal development teams

Skillset

• Able to work well with software development teams.
• Experience identifying security issues through code review.
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Familiarity with some common security libraries and tools (e.g. static analysis tools, VAPT tools).
• Knowledge of Pentesting of production and development applications (DAST)
• Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10).
• Experience in integrating, monitoring and improving DevSecOps tools and processes, automate routine tasks and improve system reliability
• Basic development or scripting experience and skills. 
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols)

• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
• Minimum of 2 years of professional experience with any combination of at least 2 technical disciplines, including the following: cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering.