Devops security Engineer
Share
Job Location:
Monthly Salary:
Posted on:
7 hours ago
Vacancies:
1 Vacancy
Job Summary
We are looking for a hands-on Application Security Engineer to strengthen security across our software lifecycle and integrate vulnerability mitigations into real life healthcare HA software environment.
You will work closely with IT Development and Applications Team and also with the Infrastructure Team to integrate security into CI/CD pipelines perform application security reviews and remediate vulnerabilities directly at code or configuration level. You will receive priority list to work on from the Cybersecurity Team.
This is a technical practitioner role: you will analyze vulnerabilities fix issues in applications and help development teams build secure software by design.
If you enjoy working at the intersection of security engineering and DevOps this role is for you.
You will be in charge of taking action after triage to remediate application vulnerabilities (SAST/DAST/SCA findings - coming either from already existing tools or processes for the most part or you will be in charge of implementing some of the tools to detect vulnerabilities).
You will also perform secure code reviews and architecture security assessments.
In order you will:
- Resolve vulnerability issues and conflicts related to application code libraries and dependencies
- Help reduce technical debt and improve overall application security maturity through contributions to decision making process on vulnerability remediation and clarify options
- reduce technical debt and improve overall application security maturity
- Integrate security tooling into CI/CD pipelines (DevSecOps)
- Support development teams with secure coding practices
- Participate in threat modeling and security design reviews
You will focus on application security - however you will need to closely cooperate with your counterpart security engineers in charge of patch and vulnerability treatment at OS level.
What Youll Work With
- Modern CI/CD pipelines (GitLab DevOps Kubernetes/Docker)
- SAST / DAST / SCA tools (e.g. Qualys Pentest reports etc.)
- Enterprise application stacks (Java JavaScript/ TypeScript Angular or similar et Python)
- Local DC environment
- OWASP Top 10 and secure coding frameworks
You need to have:
- Strong software engineering background (you can read and modify production code)
- Experience in application security or secure software development
- Solid understanding of OWASP Top 10 and common application vulnerabilities
- Hands-on experience with vulnerability remediation at code land configuration level
- Familiarity with CI/CD pipelines and DevSecOps practices
- Ability to analyze scanner findings and distinguish real issues from false positives
- Comfortable working with developers and security teams in a HA environment.
Skills:
Angular
DevOps
Docker
GIT
Java
Kubernetes
Middleware
Spring Boot
Systems Development Lifecycle
Key Skills
- Splunk
- IDS
- Network security
- Computer Networking
- Identity & Access Management
- PKI
- PCI
- NIST Standards
- Security System Experience
- Information Security
- Encryption
- Siem
About Company
30 employees
Welcome to Sansaone, a dynamic force in the realm of ICT talent acquisition. Born out of a passion for excellence and a vision for connecting outstanding professionals with forward-thinking organizations, we stand as a beacon for strategic recruitment solutions in the Information and ... View more
