Position: DevSecOps Engineer.
Location: Jersey City, NJ.
Job Description: * Expert in Static Application Security Scan/Analysis (source code review) (SAST), Software Composition Analysis (SCA) & Dynamic Application Security Scan/Analysis (DAST)
- Good knowledge of Application Threat Modeling, RASP, IAST
- Implemented DevSecOps (Secure CI/CD integration)
- Vulnerability Assessment and Penetration Testing (VAPT), Fuzz Testing at application and infrastructure level
- Experience of building Security Gates / threshold levels for build pass/fail
- API Security and Container Security: implementation experience or good knowledge
- Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
- Expertise in OWASP & Good knowledge of NIST, SANS, PCI, ISO 27001
- Mobile Application Security testing
- Proficient with manual and automated scanner approaches
- Sound Knowledge of DevOps environment
- Integration, Management and configuration of DevSecOps Tools
- Preparing security advisories and defining the severity levels for the vulnerabilities
- Scanning, validation and reporting of vulnerabilities on daily and monthly basis
- Preparing monthly security reports for the management
- DevSecOps leader & Senior member of Security Testing Team
- Conduct Security Testing at Application, Infrastructure, Cloud and IoT level and manage multiple delivery projects
- Carrying out API Security testing
- Train and build a team in DevSecOps and security testing
- Experienced in building automation in testing
- Identify, test, and build exploits for OWASP Top 10 vulnerabilities.
- Use a variety of commercial and open-source ethical hacking tools
- Understand and exploit business logic flaws in web and mobile applications.
- Have a broad understanding of cloud application deployment models.
- Document every detail of the Test plans and environments to be executed by self and team.
- Document defects and issues clearly in JIRA. Communicate the same to Product owners, Scrum Masters, Development team
- Understand customer workflows and incorporate that knowledge into the test plans.
- Hands on knowledge of Integration with bug tracking tools, ticketing system
- Experienced with and good knowledge of DevOps tools/technologies such as Jenkins, Ansible, Chef, Docker, GitHub, Kubernetes, Red Hat OpenShift, containers, bug tracking tools, ticketing systems, etc.
Desirable: OSCP, CISSP
Compulsory: Certified Ethical Hacker (CEH), B Tech
Other requirements:
- Good Communication skills
- Managing projects and schedules.
- Mentoring application security testers, providing guidance in testing techniques, and assisting in the development of exploits for complex vulnerabilities.
- Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, OWASP ASVS, etc.).