DevSecOps Application Security Engineer

Job Description

Responsibilities:

• Design, implement, and manage security tools and practices within CI/CD pipelines, focusing on reuse, scalability, performance, availability, and security.
• Lead the implementation of cloud based architectures, networking, and containerization using Infrastructure as Code.
• Collaborate with teams to ensure secure software development practices in CI/CD pipelines.
• Create and improve process flows, documentation, and mockups to convey technical details.
• Integrate security testing tools (e.g., SAST, DAST, SCA, pen testing) into CI/CD workflows.
• Monitor and respond to security incidents and vulnerabilities promptly.
• Develop and maintain security policies, procedures, and documentation.
• Automate security processes to improve efficiency and reduce manual intervention.
• Partner with AppSec Expert to conduct and automate regular security assessments and audits, ensuring compliance with industry standards.
• Provide training and support on DevSecOps practices, enabling development teams to adopt and implement them.
• Utilize Azure DevOps for CI/CD pipeline management and automation.
• Develop self service capabilities to enhance team productivity and autonomy.
• Identify and measure the benefits and business value of DevSecOps improvements.
• Present innovative solutions and ideas across all levels, working as both a leader and contributor.
• Identify gaps and propose modernization opportunities in the SDLC.
• Debug and troubleshoot issues with CI/CD pipelines.
• Create and maintain dashboards and reports to monitor security metrics and CI/CD performance. Requirements:
• Proven experience as a DevSecOps Engineer or in a similar role.
• Strong knowledge of security tools (Jfrog xray, Github advanced security) and practices (e.g., OWASP, NIST).
• Experience with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
• Proficiency in Azure cloud services and infrastructure.
• Familiarity with containerization and orchestration tools (e.g., Docker, Kubernetes).
• Strong scripting skills (e.g., Powershell, Bash, BICEPS, ARM, YAML).
• Excellent problem solving and analytical skills.
• Strong communication and collaboration skills.