Cyber Security Engineer - DevSecOps

Job Description:

• Expertise in secure API integration design and implementation
• Expertise in the OWASP top 10 for web applications, and LLMs, along with mitigation and remediation techniques
• Extensive experience in cybersecurity within software engineering environments.
• Experience with a programming language (C/C++, Python, Go, JavaScript / TypeScript, Rust)
• Proficiency in cloud security, threat detection, data analysis, and incident response.
• Expertise with security tools such as BurpSuite, PyRIT, Garak, MitM, Metasploit, Wireshark, Wiz, Sonarqube
• Experience standing up Security tooling to automate security hygiene, analysis, reporting, or otherwise host tools or enhance intel capabilities
• Strong technical knowledge of microservice architecture, content distribution networks, data lakes, serverless functions, and databases.
• Familiarity with various cloud platforms and DevOps tools.
• Excellent analytical and problem-solving skills.
• Strong communication skills, both written and verbal.
• Ability to independently develop and implement security solutions.
• Experience in developing and implementing automated security testing functions.

Job Responsibilities:

• Threat Modeling: Develop and maintain comprehensive threat models across embedded platforms, cloud services, and software applications to proactively identify, prioritize, and mitigate potential vulnerabilities throughout the system development lifecycle.
• Embedded Platform Penetration Testing: Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
• Cloud-hosted Application Penetration Testing: Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
• Red-Teaming AI-Backed Services: Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities.
• Threat Detection and Analysis: Utilize advanced security tools like Cloud Security Posture Management platforms, open-source pen-testing tools, SIEMs, and SASTs to identify, analyze, validate, and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments.
• Data Analysis and Security Monitoring: Conduct comprehensive analysis of security data from microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Use SIEM tools to correlate security events and identify anomalies.
• Incident Response and Management: Participate in incident response efforts, perform root cause analysis, and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks.
• Supply Chain Security: Assess and mitigate security risks associated with the supply chain, like open source libraries, ensuring end-to-end security
• Software Security Flaws Mitigation: Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python, C++, C#, JS, Python, HCL
• Security Solutions Development: Develop and implement custom security solutions, minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines.
• Automating Security Test Functions: Develop and implement automated dynamic security testing functions to ensure continuous security validation.

Education: Bachelor's or Master’s degree in Computer Science, Computer or Electrical Engineering, Mathematics, or a related field.

GlobalLogic estimates the starting pay range for this role to be performed in Dallas, TX, to be $125,000 to $135,000, and reflects base salary only. This pay range is provided as a good-faith estimate, and the amount offered may be higher or lower. GlobalLogic takes many factors into consideration in making an offer, including candidate qualifications, work experience, operational needs, travel and onsite requirements, internal peer equity, prevailing wage, responsibilities, and other market and business considerations.