Job Overview:

We seek an Application Security Engineer with a strong DevSecOps background to join our team. This role is pivotal in ensuring the security of our applications throughout their entire lifecycle. The ideal candidate will have a deep understanding of application security principles, secure software development lifecycle, a passion for automation, adopting AI integration with the secure approach and the ability to collaborate effectively with development and operations teams.

Key Responsibilities:

• DevSecOps Integration:
  • Collaborate with development and operations teams to embed security into the software development lifecycle (SDLC).
  • Design and implement security automation tools and processes.
  • Integrate security testing into CI/CD pipelines.
  • Promote a security-first culture within the organization.
• Application Security Assessment:
  • Conduct security assessments and code reviews to identify vulnerabilities.
  • Perform threat modeling and risk assessments.
  • Develop and maintain secure coding standards and guidelines.
• Vulnerability Management:
  • Track and manage vulnerabilities, ensuring timely remediation.
  • Develop and implement vulnerability remediation strategies.
  • Provide guidance on security best practices.
• Security Tooling:
  • Evaluate and select security tools and technologies.
  • Maintain and optimize security tool configurations.
  • Integrate security tools into the development and operations environments.
  • Hands-on experience with application security testing tools (SAST, DAST, SCA) and IaC scanning.
• Incident Response:
  • Participate in incident response activities, including investigation and remediation.
  • Conduct post-incident analysis and develop improvement plans.
• Compliance:
  • Ensure compliance with relevant security standards and regulations.
  • Conduct security audits and assessments.
  • Maintain security documentation and policies.
• CI/CD & SCM:
  • Proficiency in managing CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions) and SCM platforms.
• Cross-Functional Collaboration:
  • Lead recurring discussions with Developers, DevOps, System, and Network teams to plan and execute remediation strategies tailored to specific project requirements.

Day-to-Day Responsibilities:

• Security Operations & Vulnerability Management
  • Platform Administration: Administer and maintain critical on-premises security and infrastructure management platforms, including DefectDojo, NetBox, Eramba, and AI-assisted coding tools.
  • Vulnerability Triage & Analysis: Conduct comprehensive weekly security reviews across application codebases and runtime environments. Analyze and prioritize findings from SAST, DAST, SCA, and runtime/container security platforms (e.g., Sysdig).
  • Cross-Functional Remediation: Lead recurring remediation discussions with Development, DevOps, Systems, and Network teams. Facilitate targeted meetings to ensure vulnerabilities are addressed promptly and in alignment with project requirements.
• Infrastructure, Automation & Tooling
  • Pipeline Engineering: Architect and configure secure CI/CD pipelines and Source Control Management (SCM) integrations. Design/Manage SCM administration, including integration with DevSecOps tool and designing pipelines.
  • Security Deployment: Oversee the deployment and lifecycle management of security agents across diverse team environments. Proactively troubleshoot and collaborate with cross-functional teams to ensure seamless operation with zero impact on business continuity.
  • Container Management: Administer, secure, and maintain self-hosted container registries to ensure reliable, compliant artifact storage and distribution.
  • Custom Automation: Develop custom scripts and automation tooling to streamline routine security tasks and establish seamless integrations between disparate open-source and commercial systems.
• Research & Continuous Improvement
  • Ecosystem Optimization: Continuously evaluate new features, tools, and methodologies to optimize the existing DevSecOps ecosystem and improve the overall security posture.
• Lab & Testing Environments: Sustain and optimize internal security team infrastructure. Architect, deploy, and manage isolated testing and lab environments to support continuous security research and validation.

​​​​​Education:

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field;
• Certifications or Experience in security and/or Dev(Sec)Ops

Certifications:

• CISSP (Certified Information Systems Security Professional)
• CCIE (Cisco Certified Internetwork Expert) Security
• Additional certifications such as CISM, CEH, ISO 27001 Lead Auditor, or Certified Cloud Security Professional (CCSP) are a plus.

Experience:

• Strong understanding of application security principles and best practices. 
• Experience with DevSecOps methodologies and tools (e.g., Jenkins, GitLab, Docker, Kubernetes, Linux). 
• Proficiency in scripting languages (Python, Bash, etc.) for automation. 
• Experience with security testing tools (e.g., SAST, DAST, SCA, RASP, etc.). 
• Experience with specific security frameworks (e.g., OWASP). 
• Experience with specific programming language(s) (e.g., Java, Python, PHP, NodeJS).

Key Skillsets:

• Strong problem-solving and analytical skills.
• Excellent communication and collaboration skills. 
• Ability to work independently and as part of a team.