My client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks.
Responsibilities:
- Work with the various BU stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines.
- Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them.
- Create processes that are adaptable to evolving technologies and conduct Proof of Concept (POC)/Proof of Value (POV) exercises for application security.
- Enforce pipeline requirements:
  - Ensure that secure pipeline best practices are being followed by developers (encrypt environment variables when possible, proper secrets management, etc.)
  - Ensure all source code is onboarded and being tested for security vulnerabilities with current company SAST/secret scanning solution.
  - Ensure that container security agents are deployed to application infrastructure in dev, staging, and production.
  - Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and Endpoint Leads will work directly with stakeholders on actual deployments and training.
  - Ensure that applications are protected by WAF (Akamai, Signal Sciences, AWS WAF, Edg.io)
  - Ensure that applications are onboarded into DAST platform.
  - Ensure that critical applications are added to the Pen Testing queue.
- Work closely with SAST/DAST/Container Security/CSPM platform leads.
- Work with broader teams on tagging/automations for critical applications. This is more process- or standards-based than hands-on.
- Develop strategies and coordinate with stakeholders on remediation prioritization.
- Mobile Application Security Testing
Qualifications:
- 5+ years of Application Security and software development experience required.
- Experience with Vulnerability Management
- Experience with SAST and DAST remediation
- Experience with Container Scanning remediation
- Experience with Sensitive Credential scanning in an SCM system.
- Experience with Mobile Security remediation
Additional Qualifications:
- Experience driving projects with minimal supervision.
- Goal-driven individual with good technical, interpersonal, communication, and organizational skills.
- Embraces and fosters "innovation" by working on new things in new ways every day.
- Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles
AppSec Engineer / Pipeline Security / DevSecOps