Sr. App and Cloud Security Engineer
Atlanta GA - 30354
Contract role
Responsibilities:
- Application Security Testing: Perform application security assessments, code reviews, container security, and manual API testing using tools like Burp Suite.
- Cloud Security Rules: Implement, deploy, and support custom AWS Config Rules, CFN Hooks, and CFN Guard Rules.
- Cloud Platform Management: Build and support applications in cloud environments such as AWS, Azure, and GCP.
- AWS Cloud Engineering: Engineer software within Amazon Web Services (AWS) cloud infrastructure.
- Open-source Integration: Integrate open-source security controls and tools into enterprise architecture.
- Open-source Component Review: Review open-source components and provide recommendations for configuration or environmental changes to enhance security or reduce risk.
- Collaboration and Relationships: Build successful relationships through direct interaction with peers, managers, and other technical teams.
- DevSecOps Integration: Guide the integration of various tools into DevSecOps processes (e.g., GitLab/GitHub, SonarQube, Jenkins, Selenium, Ansible, Docker, Kubernetes, and containerization).
- Security Assessment Expertise: Apply technical application security testing expertise to identify application vulnerabilities.
- Vulnerability Risk Assessment: Conduct vulnerability risk and impact assessments.
- Static and Dynamic Analysis: Use static analysis tools (HP Fortify, IBM Rational, Veracode, Coverity, FindBugs, FindSecurityBugs) and open-source scanning tools (Sonatype CLM).
- Problem Solving in Cloud Environments: Troubleshoot and resolve issues with existing cloud security controls.
- Security Lifecycle Management: Integrate security capabilities in cloud and application lifecycle management platforms within a DevOps model.
- AWS Architecture and TOGAF: Apply AWS Well-Architected Framework principles or TOGAF while designing solutions.
- Awareness of OWASP Top 10: Extensive knowledge of OWASP Top 10 vulnerabilities and best practices.
Qualifications (Required):
- Educational Background: B.S. degree in Computer Science, Computer Engineering, Information Assurance, or a related field.
- Professional Experience: 5+ years of experience in application security, penetration testing, security assessment, or secure software development.
- Hands-on Cloud & DevSecOps Technologies: Experience with cloud platforms and DevSecOps technologies.
- DevSecOps Expertise: Proficient in guiding the integration of various DevSecOps tools (GitLab/GitHub, SonarQube, Jenkins, Selenium, Ansible, Docker, Kubernetes).
- Cloud Development: Experience building and supporting applications in AWS, Azure, or GCP cloud environments.
- AWS Cloud Infrastructure: Competent in engineering software within AWS cloud infrastructure.
- Cloud Control Troubleshooting: Ability to troubleshoot and resolve issues with cloud controls.
- OWASP Knowledge: Extensive knowledge of the OWASP Top 10 vulnerabilities.
- Vulnerability Assessment Experience: Experience with vulnerability risk and impact assessments.
- Security Integration: Proficiency in integrating security capabilities into cloud and application lifecycle management platforms within a DevOps model.
- Static Analysis Tools: Extensive experience with static analysis and flaw triage tools like HP Fortify, IBM Rational, Veracode, Coverity, FindBugs, Brakeman, etc.
- Communication Skills: Strong written and verbal communication skills.
- Sense of Ownership: Strong sense of urgency and ownership in addressing security concerns.
Qualifications (Preferred):
- Ethical Hacking Experience: Extensive experience in application security and ethical hacking.
- Security Vulnerability Exploitation: Proficient in exploiting web, mobile, and application security vulnerabilities.
- Software Development: Extensive experience in software development and secure coding practices.
- Secure Coding Techniques: Experience in integrating secure coding techniques with product teams.
- Certifications: Preferred certifications such as AWS Practitioner, cloud security certification for AWS, and CISSP (Certified Information Systems Security Professional).
Thanks,
Nandit