Security Engineer (Application Security, Devsecops)

Details of the offer

Job Summary
This role involves collaborating with different teams to develop and maintain secure cloud architectures in line with best practices. It includes setting up continuous asset monitoring, administering security controls across cloud infrastructure, and implementing secure practices in development lifecycle and containerization platforms. The role also requires developing automated security tools for integration into the CI/CD pipeline, conducting regular security testing and vulnerability scanning, and assessing data flows for potential security risks. Furthermore, the role involves providing guidance to other teams, managing vulnerability resolution, and participating in incident response efforts. Understanding of secure software development practices and DevSecOps methodologies.
Job Requirements
Experience in security engineering and DevSecOps.
Lead and oversee all aspects of the Secure Software Development Lifecycle.
Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices.
Conduct threat modeling, design, and architectural reviews to identify potential risks.
Support third-party penetration testing by analyzing vulnerabilities and assessing their potential impact and exploitability.
Possess a foundational understanding of web application security.
Demonstrate strong knowledge of cloud computing platforms like AWS, Azure, GCP and their associated security services and features.
Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.
Understand runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle.
Knowledgeable in Kubernetes and the implementation of best practices.
Proven expertise in using Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices.
Handle vulnerability management for images.
Adaptable and capable of exploring various products with a wide range of tools and pipelines.
Familiarity with CI/CD tools such as GitHub Actions, Jenkins or TeamCity.
Stay informed about emerging security threats and technologies, offering recommendations for security enhancements.
Experience in automating security controls.
Understanding of networking and communication protocols like TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP.
Proficiency in scripting or programming languages like Python, Gol, Ruby for security automation and integration.

Education
Required 4 years of experience in the security domain.
Bachelor's degree in computer science, Information Security, or a related field.


Nominal Salary: To be agreed

Source: Eightfold_Ai

Requirements

Software Engineer (Nodejs, Go)

Job Summary We are actively searching for a talented and forward-thinking developer to join our team. As a key member of our organization, you will play a vi...


Netapp - Karnataka

Published a month ago

Cloud Engineer (Go, Python, C++, Java)

Job Summary NetApp is a cloud-led, data-centric software company that helps organizations put data to work in applications that elevate their business. We he...


Netapp - Karnataka

Published a month ago

Senior Technical Program Manager

Job Summary: The Technical Program Manager (TPM) position resides within the Marketing Technology Office.? TPM's are responsible for working with internal Ma...


Netapp - Karnataka

Published a month ago

Full Stack - Software Engineer

Full Stack - Software Engineer The Corporate Systems development team at Millennium is looking for a Full Stack - Software Engineer to work on our Authentic...


Mlp - Karnataka

Published a month ago

Built at: 2024-11-15T21:55:44.443Z