DevSecOps Engineer Enterprise Solutions Alaska Jersey City, NJ

Kate

Job Description:
  • Expert in Static Application Security Scan/Analysis (source code review) (SAST), Software Composition Analysis (SCA) & Dynamic Application Security Scan/Analysis (DAST)
  • Good knowledge of Application Threat Modeling, RASP, IAST
  • Implemented DevSecOps (Secure CI/CD integration)
  • Vulnerability Assessment and Penetration Testing (VAPT), Fuzz Testing at application and infrastructure level
  • Experience of building Security Gates / threshold levels for build pass/fail
  • API Security, Container Security implementation / good knowledge
  • Information Systems/Network Security experience
  • Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
  • Expertise in OWASP & Good knowledge of NIST, SANS, PCI, ISO 27001
  • Mobile Application Security testing
  • Proficient with manual and automated scanner approaches
  • Sound Knowledge of DevOps environment
  • Integration, Management and configuration of DevSecOps Tools
  • Preparing security advisories and defining the severity levels for the vulnerabilities
  • Scanning, validation and reporting of vulnerabilities on a daily and monthly basis
  • Preparing monthly security reports for the management
Job Responsibilities:
  • DevSecOps leader & Senior member of Security Testing Team
  • Conduct Security Testing at Application, Infrastructure, Cloud and IoT level & manage multiple delivery projects
  • Carrying out API Security testing
  • Train and build a team in DevSecOps and security testing
  • Experienced in building automation in testing
  • Identify, test, and build exploits for OWASP Top 10 vulnerabilities.
  • Use a variety of commercial and open-source ethical hacking tools
  • Understand and exploit business logic flaws in web and mobile applications.
  • Have a broad understanding of cloud application deployment models.
  • Document every detail of the Test plans and environments to be executed by self and team.
  • Document defects and issues clearly in JIRA. Communicate the same to Product Owners, Scrum Masters and the Development team
  • Understand customer workflows and incorporate that knowledge into the test plans.
  • Hands-on knowledge of integration with bug tracking tools and ticketing systems