Our client is seeking a seasoned Sr. Security Engineer to join their dynamic team. The successful candidate will have a comprehensive understanding of all aspects of Cybersecurity and will apply their technical application security testing expertise to assist in identifying application vulnerabilities.
Key Responsibilities:
- Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Source Code Analysis (SCA) using Veracode
- Correlate findings from tools such as Veracode Source Code Agent to identify the presence of vulnerable methods in code
- Research open-source community contributors and NIST NVD to understand residual risk and recommend a course of action
- Determine how frequently and quickly fixes should be delivered for open-source findings
- Review SCA reports to track new SCA components and changes to existing ones in the environment
- Work within the DevSecOps model to secure containers within ROSA, Tekton, and OpenShift pipelines
- Design, develop, plan, implement, and maintain Cloud DevSecOps processes across multiple technical organizations
- Provide operational support for container security tools (Palo Alto Prisma, Aqua, Wiz, or equivalent)
- Perform Baseline Image validation of new container template images
- Evaluate scan results for container runtime environments to reduce security risk
- Apply software development skills (e.g., Java, C#.NET, JavaScript) to recommend and apply secure coding practices
Qualifications:
- B.S. degree in Computer Science, Computer Engineering, Information Assurance, or related field
- Minimum of 5 years of professional experience in application security, penetration testing, security assessment, secure software development, or related field
- Hands-on experience working with Cloud and/or DevSecOps related technologies
- Excellent understanding of DevSecOps techniques and processes
- Experience building and supporting applications in the Cloud (AWS, Azure, GCP)
- Experience engineering software within an Amazon Web Services (AWS) cloud infrastructure
- Extensive knowledge of the OWASP Top 10
- Experience with vulnerability risk and impact assessment
- Excellent written and verbal communication skills
- Strong sense of urgency and ownership
Preferred:
- Extensive experience in application security and ethical hacking
- Extensive experience exploiting web, mobile, and application security vulnerabilities
- Extensive experience in software development
- Professional certifications such as AWS practitioner, cloud security certification for AWS, and CISSP
Join our client's team and contribute to a culture that values diversity, equity, and inclusion. Apply today to be a part of a team that is committed to creating a safe and secure digital environment.