Description

Responsibilities:

  • Perform comprehensive security assessments on both mobile and web applications, identifying vulnerabilities including those outlined in the OWASP Top 10.
  • Conduct manual and automated penetration tests across web applications, mobile apps, and networks to simulate potential cyber-attacks. Use both tools and manual techniques to exploit vulnerabilities and understand their potential impact.
  • Analyze mobile and web application architecture to identify security threats and provide recommendations for improvements.
  • Collaborate with developers and stakeholders to ensure secure design and the adoption of secure coding practices.
  • Review and audit source code to detect security flaws and ensure best practices are followed, providing guidance to developers on vulnerabilities.
  • Use static and dynamic application security testing (SAST and DAST) tools to identify vulnerabilities.
  • Evaluate the severity of discovered vulnerabilities, assessing their potential impact on security.
  • Document findings and present clear, actionable remediation steps in detailed reports for the development team or management.
  • Ensure compliance with security standards and regulations (e.g., GDPR, PCI-DSS, HIPAA, OWASP guidelines) and validate that security controls are properly implemented.
  • Conduct regular audits and assessments to ensure adherence to security policies and procedures.
  • Provide training on secure development practices to enhance security awareness within the organization.

Requirements:

  • Proficiency with penetration testing tools such as Burp Suite, Nessus, OWASP ZAP, and others.
  • Expertise in static and dynamic application security testing (SAST and DAST) and experience with automated testing frameworks.
  • Strong understanding of security protocols like HTTPS, SSL/TLS, OAuth, OpenID, and SAML.
  • Basic knowledge of network security concepts, including firewalls, VPNs, IDS/IPS, and their relevance to application security.
  • Experience with reverse-engineering mobile apps (e.g., Android APKs, iOS IPAs) to identify security weaknesses.
  • In-depth knowledge of OWASP Top 10 vulnerabilities and how to mitigate them.
  • Understanding of web application firewalls (WAF) and how they protect against common threats.
  • Familiarity with mobile-specific security issues such as insecure data storage, insecure communication, and API vulnerabilities.
  • Knowledge of mobile OS-specific security mechanisms (Android & iOS).
  • Familiarity with security frameworks such as the OWASP Mobile Security Testing Guide (MSTG) and Web Security Testing Guide (WSTG).
  • Understanding of industry standards and regulatory requirements such as GDPR, PCI-DSS, OWASP, and HIPAA.
  • Experience with source code analysis tools like SonarQube and secure coding best practices.
  • Strong written and verbal communication skills, capable of effectively reporting vulnerabilities to both technical and non-technical stakeholders.
  • Excellent analytical and problem-solving abilities to identify root causes and propose appropriate solutions.
  • Cloud infrastructure design and implementation with CIS Benchmarks & Compliance.
  • Linux administration and patch management.

Education

Any Graduate