eTeam
Key Responsibilities

Security by Design:
Embed security requirements into CI/CD pipelines, infrastructure-as-code (IaC), and application architectures.

Automation & Tooling:
Configure and maintain security scanning tools (SAST, DAST, SCA, container scanners) within automated build and deployment workflows.

Vulnerability Management:
Triage, prioritize, and remediate vulnerabilities discovered in code, containers, and cloud environments; drive fixes and track metrics.

Incident Response Support:
Assist in the investigation of security incidents related to applications or infrastructure; write playbooks and run tabletop exercises.

Infrastructure Security:
Implement and enforce secure configuration and hardening standards for cloud platforms (AWS, Azure, GCP) and Kubernetes clusters.

Policy & Compliance:
Define, document, and enforce security policies, standards, and guidelines aligned with industry frameworks (OWASP, CIS Benchmarks, NIST).

Threat Modeling & Risk Assessment:
Lead or participate in threat modeling sessions for new features; provide risk-based recommendations.

Training & Evangelism:
Conduct security awareness workshops for developers and DevOps teams; champion a "shift-left" security culture.

Required Qualifications

Experience:
5+ years in DevSecOps, cloud security, or application security roles.

Security Toolchain:
Hands-on with static analysis (e.g., SonarQube, Fortify), dynamic analysis (e.g., ZAP, Burp Suite), software composition analysis (e.g., Snyk, Black Duck), and container scanning (e.g., Clair, Trivy).

CI/CD Integration:
Expertise in automating security gates in Jenkins, GitLab CI/CD, GitHub Actions, or equivalent.

Cloud & IaC:
Proficiency with AWS/Azure/GCP security services, Terraform/CloudFormation, and Kubernetes security (PodSecurityPolicy, OPA/Gatekeeper).

Programming/Scripting:
Strong skills in Python, Go, or Bash for automation and custom tool development.

Standards & Frameworks:
Deep understanding of OWASP Top 10, CIS Benchmarks, NIST 800-53/800-190.

Vulnerability Management:
Solid experience with vulnerability scanners (Nessus, Qualys) and issue-tracking systems.

Preferred Qualifications

Certifications:
CISSP, CSSLP, GCP Professional Cloud Security Engineer, AWS Security Specialty, or equivalent.

DevOps Background:
Prior hands-on experience in software development, infrastructure engineering, or platform engineering.

Container Security:
Familiarity with service meshes (e.g., Istio), runtime protection tools (e.g., Falco), and supply chain security (e.g., Sigstore).

Threat Client & Red Teaming:
Experience with penetration testing, threat intelligence feeds, or purple-team exercises.