Overview
On Site
80/hr - 85/hr
Full Time
Skills
Security QA
Software security
Endpoint protection
Penetration testing
Mobile applications
Software development
Vulnerability management
Mobile security
Goal oriented
Organizational skills
Information security
Streaming
Leadership
Automation
Management
Inventory
Adaptability
POC
Training
WAF
Akamai
Science
Amazon Web Services
IO
Supply chain management
Supervision
Communication
Innovation
Job Details
My client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks.
Responsibilities:
Responsibilities:
- Work with the various BU stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines.
- Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them.
- Create processes that are adaptable to evolving technologies and conduct Proof of Concept (POC)/Proof of Value (POV) exercises for application security.
- Enforce pipeline requirements:
- Ensure that secure pipeline best practices are being followed by developers (encrypt
- environment variables when possible, proper secrets management, etc.)
- Ensure all source code is onboarded and being tested for security vulnerabilities with current
- company SAST/secret scanning solution.
- Ensure that container security agents are deployed to application infrastructure in dev, staging, and production.
- Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and
- Endpoint Leads will work directly with stakeholders on actual deployments and training.
- Ensure that applications are protected by WAF (Akamai, Signal Science, AWS WAF, Edg.io)
- Ensure that applications are onboarded into DAST platform.
- Ensure that critical applications are added to the Pen Testing queue.
- Work closely with SAST/DAST/Container Security/CSPM platform leads.
- Work with broader teams on tagging/automations for critical applications. This is more process or standards based than hands on.
- Develop strategies and coordinate with stakeholders on remediation prioritization.
- Mobile Application Security Testing
- 5+ years of Application Security and software development experience required.
- Experience with Vulnerability Management
- Experience with SAST and DAST remediation
- Experience with Container Scanning remediation
- Experience with Sensitive Credential scanning in a SCM system.
- Experience with Mobile Security remediation
- Experience driving projects with minimal supervision.
- Goal driven individual with good technical, interpersonal, communication, and organizational skills.
- Embraces and fosters "innovation" by working on new things in new ways every day.
- Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles