- We seek a highly skilled and technically proficient Senior Vulnerability & DevSecOps Engineer to join our security team.
- In this pivotal role, he/she will drive our end-to-end vulnerability management program, from comprehensive scanning and deep analysis to effective remediation and reporting.
- Leveraging expert-level experience with industry-leading tools like Qualys and Burp Suite, he/she will proactively identify, prioritize, and validate critical vulnerabilities across our expansive hybrid infrastructure, encompassing servers, workstations, and cloud environments (GCP, AWS, Azure).
- A significant focus of this position involves integrating robust security practices and automation into our CI/CD pipelines.
- He/she will be instrumental in building, maintaining, and improving automated security testing workflows using tools such as Jenkins, GitLab CI, Azure DevOps, SonarQube, Snyk, and ZAP, ensuring security is "shifted left."
- Proficiency in scripting languages (Python, Bash, Terraform) and automation frameworks like Ansible is essential for developing custom tools, automating patching, configuration hardening, and streamlining compliance checks.
- He/she will collaborate closely with development and operations teams to embed secure coding principles and foster a DevSecOps culture, ultimately enhancing our security posture and reducing organizational risk.
- This role demands a deep understanding of vulnerability assessment methodologies (OWASP Top 10, NIST), networking concepts, and diverse operating systems (Windows, Linux).
- Exceptional analytical skills are required to interpret complex scan results, manually validate findings, and generate advanced reports and dashboards using Power BI and Excel for technical and executive audiences.
- The ideal candidate is a proactive problem-solver passionate about automation, application security, and continuous improvement in a dynamic technical landscape.
Essential Job Functions
Vulnerability Scanning and Security Analysis:
- Perform regular vulnerability scans of servers, workstations, cloud infrastructure, and other assets using Qualys and Burp.
- Analyze scan results to identify critical vulnerabilities, misconfigurations, and compliance violations.
- Prioritize vulnerabilities based on risk and business impact.
- Manually validate and verify vulnerabilities to reduce false positives and refine scan settings.
- Basic understanding of OWASP Top 10 standards.
Remediation and Reporting:
- Work closely with application teams, system administrators, and other stakeholders to communicate vulnerability findings and guide remediation efforts.
- Track remediation progress using Excel and other tracking tools.
- Generate detailed reports on vulnerability trends, remediation status, and overall security posture.
- Present findings to technical and management audiences.
DevSecOps:
- CI/CD Pipelines: Implement, build, and maintain CI/CD pipelines with security integrated throughout the process. Familiarity with tools like Jenkins, GitLab CI, Azure DevOps Cloud, JFrog, SonarQube, Snyk, and ZAP.
- Some understanding of Google Cloud.
- Automate vulnerability remediation tasks using Ansible playbooks.
- Collaborate with development teams to implement secure coding practices and improve application security.
- Work with DevSecOps engineers to build out automated security testing pipelines.
Automation and Scripting:
- Develop and maintain Ansible playbooks to automate vulnerability patching, configuration hardening, and compliance checks.
- Use scripting languages (e.g., Python, Bash, Terraform) to create custom tools and scripts for vulnerability analysis and reporting.
Continuous Improvement:
- Continuously evaluate and improve our vulnerability management processes and procedures.
- Research and recommend new security tools and technologies.
- Participate in security incident response activities.
Qualifications
Technical Skills: