We are looking for a hands-on Senior DevSecOps Platform Engineer to help build an internal security automation platform for SBOM/CBOM inventory, vulnerability scanning, and Claude-based auto-remediation.
This is not a traditional full-stack developer role. The right candidate should be able to build applications, design CI/CD pipelines, integrate security scanning tools, understand cryptography inventory, and automate remediation safely.
Design and build a centralized platform for SBOM and CBOM inventory.
Scan applications, repositories, containers, dependencies, certificates, keys, crypto algorithms, TLS configurations, and runtime components.
Integrate SBOM/CBOM and vulnerability scanning into Jenkins/GitLab CI/CD pipelines.
Identify vulnerable dependencies, CVEs, weak cryptography, expired certificates, insecure TLS versions, hardcoded secrets, and non-compliant libraries.
Build automation workflows to support remediation using Claude or similar AI coding agents.
Automate safe fixes such as dependency upgrades, base image updates, configuration changes, and pull request creation.
Ensure all AI-assisted remediations are validated through build, test, scan, approval, and audit workflows before merge or deployment.
Build dashboards and reports for application inventory, vulnerability posture, crypto posture, remediation status, and SLA tracking.
Work closely with application, security, DevOps, and platform teams.
Hands-on experience with Jenkins and/or GitLab CI/CD.
Strong understanding of SBOM, dependency scanning, transitive dependencies, CVEs, and container image scanning.
Experience with tools such as Syft, Grype, CycloneDX, SPDX, JFrog Xray, Sonatype, Checkmarx, Fortify, or Veracode.
Good understanding of CBOM and cryptography inventory, including TLS/HTTPS, certificates, keys, cipher suites, encryption algorithms, hashing algorithms, signing algorithms, keystores, truststores, and secrets.
Ability to identify weak crypto such as MD5, SHA-1, DES/3DES, RC4, RSA-1024, TLS 1.0/TLS 1.1, and disabled certificate validation.
Hands-on AWS experience with services such as Lambda, API Gateway, S3, DynamoDB, IAM, ECS/EKS, CloudWatch, X-Ray, Secrets Manager, and KMS.
Experience with observability tools such as Splunk, ELK/Kibana, CloudWatch, and X-Ray.
Strong hands-on experience with Java/Spring Boot.
Experience with at least one additional language such as Node.js, Python, or Go.
Experience building REST APIs, microservices, batch jobs, and platform integrations.
Strong troubleshooting skills across application, pipeline, cloud, and security issues.
The candidate should understand how to use Claude or similar AI tools in a controlled engineering workflow