Job Summary:
We are seeking an experienced DevSecOps & Application Security Engineer to strengthen our software delivery process by embedding security at every stage of the development and deployment pipeline. This hybrid role focuses on implementing DevSecOps best practices while conducting deep application security assessments, ensuring our products and infrastructure are secure, compliant, and resilient.
Key Responsibilities:
Design and implement secure CI/CD pipelines with integrated security tools.
Develop automated security testing solutions (SAST, DAST, SCA, IaC scanning).
Harden infrastructure and cloud environments (AWS, Azure, or GCP).
Use Infrastructure as Code (IaC) tools like Terraform, Ansible, or CloudFormation.
Manage container and orchestration security (Docker, Kubernetes, Helm).
Conduct secure code reviews and guide development teams on best practices.
Perform vulnerability assessments and penetration testing on web and mobile applications.
Lead threat modeling sessions and secure architecture reviews.
Remediate vulnerabilities through collaboration with development and QA teams.
Stay current with OWASP Top 10, CWE/SANS Top 25, and emerging application threats.
Required Skills and Experience:
3–5+ years of experience in DevSecOps, Application Security, or Security Engineering.
Strong knowledge of secure SDLC and CI/CD practices.
Hands-on experience with tools like SonarQube, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Snyk.
Proficiency in scripting and coding languages (Python, JavaScript, Java, etc.).
Familiarity with cloud platforms (AWS, Azure, GCP) and container security (e.g., Aqua, Prisma Cloud).
Deep understanding of application vulnerabilities and secure design principles.
Experience integrating security tools into DevOps pipelines (Jenkins, GitLab CI, Azure DevOps).
Any Graduate