Do you like to create exploits for vulnerabilities, but at the same time help teams deploy mitigations and workarounds for those vulnerabilities to keep them safe. Can you explain a specific vulnerability to individuals who are not tuned to think application security

We are looking for a DevSecOps Engineer with a passion to drive automation at all stages of software development, release, operations and maintenance.

Job Description

·      As one of our DevSecOps Engineers your primary role will be to design, implement, and verify technical solutions to mitigate security issues in Business IT landscape

·      Perform Design review, Penetration testing, code and configuration review for applications built on modern tech stacks like Java, Node, Go, PHP, Python, Angular, React, NoSQL, etc.

·      You will provide advice on security best practices, and guide teams in developing, adopting, and enforcing security and access policies appropriate to their cloud platforms of choice

·      You will perform VAPT on cloud assets, deliver remediation recommendations, and provide knowledgeable assistance in resolving identified vulnerabilities

·      You will be actively involved in designing, developing, and integrating commercial and open source security tools in the DevOps pipeline

·      Design and implement security automation as part of the continuous integration (CI) and continuous delivery (CD) pipeline of key Business teams in order to proactively uncover security vulnerabilities in a shift-left approach

·      Design and implement secure architecture to protect the confidentiality, integrity, and availability of the CI and CD pipelines of key Business teams

·      Work effectively with various stakeholders from development, quality engineering (QE), program management, documentation, and security teams

·      Create artifacts for various stakeholders and customers

Skills: DEVSECOPS, Netsparker, Burpsuite, Guantlt, Blackduck , Jfrog Artifactory, Sonarcube, veracode, burpsuite, Xray Scan, Prisma Cloud, BridgeCrew

Desired Candidate Profile
  • Master’s degree preferred, Bachelor’s in Computer Science or EE is required
  • 5+ years’ experience working in an Enterprise grade software application development environment
  • 5+ years of experience in designing and developing automation
  • Passion in DevOps and strong skills in at least one scripting language (Python or equivalent)
  • 5 + years of experience in application development
  • Direct experience designing and implementing security automation tools as part of the CI and CD Pipeline
  • Proficient in coding and debugging in Java, GoLang, Node, PHP, Angular (at least 2)
  • You have a strong security background, and at least 4 years’ experience in a hands-on application security role, ideally on microservices and cloud platforms
  • Experience with security and vulnerability scanning tools like Fortify, Sonar Cube, Jfrog Artifactory, Xray Scan, Guantlt, Veracode, Netsparker, Burpsuite, Coverity & Blackduck is preferred.
  • Hands on with Security posture managements and Cloud workload protection tools like prisma cloud is a plus.
  • Comfortable working hand-in-hand with development and security to support overall business requirements.
  • Experience in automated testing of web applications and web services in a fast-moving and agile environment
  • Experience in setting up and maintaining an automation framework and tests from scratch
  • Experience in security testing of mobile applications is a plus
  • Application security certification like OSWE, GWAPT, OSCP a plus
  • You have demonstrable experience, with the ability to build strong working relationships with variety of teams, drive change and see projects to completion
  • You will evaluate and recommend new and emerging security products and technologies
  • You have excellent presentation and writing skills

Contact Details
Address: Office Suite No 628, Bestech Business Towers
Mohali, Punjab, 160062