100% Remote
Need valid LinkedIn
Looking for an experienced security automation engineer to join the Application Security Strategy Team to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks.
Responsibilities
- Work with the various Business Unit stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines
- Create automated technical validations for the following scenarios:
- Ensure that secure pipeline best practices are being followed by developers (encrypt environment variables when possible, proper secrets management, secure deployment, etc.)
- Ensure all source code is onboarded and being tested for security vulnerabilities with current company SAST/secret scanning solution
- Ensure that container security agents are deployed to application infrastructure in dev, staging, and production
- Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and Endpoint Leads will work directly with stakeholders on actual deployments and training
- Ensure that applications are protected by WAF (Akamai, Signal Science, AWS WAF, Edg.io)
- Ensure that applications are onboarded into our DAST platform
- Ensure that critical applications are added to the Pen Testing queue
- Overall, ensure that all requirements are being followed in our Application Security Standards
- Work closely with SAST/DAST/Container Security/CSPM platform leads
- Work with broader teams on tagging/automations for applications
- Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them
Qualifications
- 5+ years of Information Security experience
- 4+ years of scripting (Python, JavaScript, etc.)
- Experience with Information Security testing and protection tools, such as SAST, DAST, Container Scanning, Secrets Scanning, CSPM, Endpoint Protection, etc.
- Experience with DevSecOps processes and tools
- Experience driving projects with minimal supervision
- Goal driven individual with good technical, interpersonal, communication, and organizational skills
- Embraces and fosters “innovation” by working on new things in new ways every day
- Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles