Application Security Engineer

Role Purpose

We are seeking a skilled DevSecOps Engineer to design, implement, and manage secure software delivery practices. The role focuses on integrating security into CI/CD pipelines, automating testing, and ensuring compliance with industry standards while collaborating across IT, operations, and audit teams.

Key Responsibilities

• Onboard and integrate projects into the DevSecOps tool chain.
• Design and implement secure software delivery practices.
• Automate security testing in CI/CD pipelines to improve efficiency and reliability.
• Develop and maintain security tools and automation scripts.
• Create and tune DevSecOps security policies.
• Collaborate with operations, compliance, and audit teams to meet security requirements.
• Conduct vulnerability assessments using SAST, DAST, and IAST tools.
• Generate CIS benchmark compliance reports and follow up on resolution.
• Support encryption strategies (KMS, SSL/TLS, digital certificates, crypto policies).
• Monitor and analyze security events through SIEM (QRadar).
• Provide support for endpoint protection (EDR) and operational control.

Requirements

• Bachelor’s degree in Computer Science, IT, or related field.
• 4–6 years of experience in DevSecOps, Qradar, Application Security, or related roles.
• Hands-on expertise with SAST, DAST, IAST Seeker, SCA, and RASP tools.
• Experience with Sonatype Nexus-IQ and Synopsys Coverity.
• Strong scripting skills (Python, Bash, PowerShell).
• Familiarity with Agile/DevOps methodologies.
• Knowledge of compliance standards (CIS, NIST, ISO).
• Strong problem-solving, collaboration, and communication skills.