Senior Full Stack DevSecOps Platform Engineer

SBOM / CBOM Inventory, Vulnerability Scanning & AI Auto-Remediation

We are looking for a hands-on Senior Full Stack + DevSecOps Platform Engineer to help build an internal security automation platform for SBOM/CBOM inventory, vulnerability scanning, and Claude-based auto-remediation.

This is not a traditional full-stack developer role. The right candidate should be able to build applications, design CI/CD pipelines, integrate security scanning tools, understand cryptography inventory, and automate remediation safely.

Key Responsibilities

Design and build a centralized platform for SBOM and CBOM inventory.
Scan applications, repositories, containers, dependencies, certificates, keys, crypto algorithms, TLS configurations, and runtime components.
Integrate SBOM/CBOM and vulnerability scanning into Jenkins/GitLab CI/CD pipelines.
Identify vulnerable dependencies, CVEs, weak cryptography, expired certificates, insecure TLS versions, hardcoded secrets, and non-compliant libraries.
Build automation workflows to support remediation using Claude or similar AI coding agents.
Automate safe fixes such as dependency upgrades, base image updates, configuration changes, and pull request creation.
Ensure all AI-assisted remediations are validated through build, test, scan, approval, and audit workflows before merge or deployment.
Build dashboards and reports for application inventory, vulnerability posture, crypto posture, remediation status, and SLA tracking.
Work closely with application, security, DevOps, and platform teams.
Required Skills

Strong hands-on experience with Java/Spring Boot.
Experience with at least one additional language such as Node.js, Python, or Go.
Experience building REST APIs, microservices, batch jobs, and platform integrations.
Hands-on experience with Jenkins and/or GitLab CI/CD.
Strong understanding of SBOM, dependency scanning, transitive dependencies, CVEs, and container image scanning.
Experience with tools such as Syft, Grype, CycloneDX, SPDX, JFrog Xray, Sonatype, Checkmarx, Fortify, or Veracode.
Good understanding of CBOM and cryptography inventory, including TLS/HTTPS, certificates, keys, cipher suites, encryption algorithms, hashing algorithms, signing algorithms, keystores, truststores, and secrets.
Ability to identify weak crypto such as MD5, SHA-1, DES/3DES, RC4, RSA-1024, TLS 1.0/TLS 1.1, and disabled certificate validation.
Hands-on AWS experience with services such as Lambda, API Gateway, S3, DynamoDB, IAM, ECS/EKS, CloudWatch, X-Ray, Secrets Manager, and KMS.
Experience with observability tools such as Splunk, ELK/Kibana, CloudWatch, and X-Ray.
Strong troubleshooting skills across application, pipeline, cloud, and security issues.
The candidate should understand how to use Claude or similar AI tools in a controlled engineering workflow

Preferred Skills

Experience building internal developer platforms or security automation platforms.
Experience with vulnerability management and remediation workflows.
Experience with policy engines such as OPA or custom rule engines.
Knowledge of post-quantum cryptography readiness and crypto-agility.
Experience with certificate lifecycle management, secrets management, and cloud security controls.
Frontend experience with Angular or React for dashboards and reporting.
Minimum Qualifications

8+ years of software engineering experience.
3+ years of DevOps, DevSecOps, platform engineering, or security automation experience.
Strong Java/Spring Boot background.
Hands-on CI/CD and cloud experience.
Practical experience with security scanning and vulnerability remediation.
Strong communication skills and ability to work across security, platform, DevOps, and application teams.
Ideal Candidate

The ideal candidate can code, build pipelines, integrate scanners, understand SBOM/CBOM findings, troubleshoot AWS and production issues, and design safe AI-assisted remediation workflows.

A pure Java full stack developer will not be enough for this role.