Responsibilities

• Conduct Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Source Code Analysis (SCA) using tools like Veracode.
• Research open-source vulnerabilities and assess residual risks using NIST NVD.
• Secure containerized environments within ROSA, Tekton, and OpenShift pipelines.
• Perform baseline image validation and evaluate scan results to reduce security risks.
• Design and maintain Cloud DevSecOps processes, ensuring security testing aligns with business requirements.
• Guide development teams in integrating security measures into the CI/CD pipeline and automate deployments in high-security architectures.
• Provide operational support for container security tools (e.g., Palo Alto Prisma, Aqua).
• Troubleshoot connectivity and operational issues within container clusters.
• Characterize threats and manage remediation efforts, ensuring timely delivery of fixes for vulnerabilities.
• Conduct security reviews and assessments for software designs, web applications, and APIs.

Qualifications

• Strong understanding of application security principles and secure coding practices (Java, C#.NET, JavaScript).
• Familiarity with CI/CD orchestration tools (e.g., Jenkins, GitLab, Tekton).
• Excellent communication skills, both verbal and written, with the ability to convey complex security concepts clearly.
• Strong analytical skills with attention to detail and the ability to conduct thorough research.

Posted By