eTeam
Job Summary:
We are seeking an experienced DevSecOps & Application Security Engineer to strengthen our software delivery process by embedding security at every stage of the development and deployment pipeline. This hybrid role focuses on implementing DevSecOps best practices while conducting deep application security assessments, ensuring our products and infrastructure are secure, compliant, and resilient.
Key Responsibilities:
DevSecOps Responsibilities:
Design and implement secure CI/CD pipelines with integrated security tools.
Develop automated security testing solutions (SAST, DAST, SCA, IaC scanning).
Harden infrastructure and cloud environments (AWS, Azure, or GCP).
Use Infrastructure as Code (IaC) tools like Terraform, Ansible, or CloudFormation.
Manage container and orchestration security (Docker, Kubernetes, Helm).
Application Security Responsibilities:
Conduct secure code reviews and guide development teams on best practices.
Perform vulnerability assessments and penetration testing on web and mobile applications.
Lead threat modeling sessions and secure architecture reviews.
Remediate vulnerabilities through collaboration with development and QA teams.
Stay current with OWASP Top 10, CWE/SANS 25, and emerging application threats.
Required Skills and Experience:
3-5+ years of experience in DevSecOps, Application Security, or Security Engineering.
Strong knowledge of secure SDLC and CI/CD practices.
Hands-on experience with tools like SonarQube, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Snyk.
Proficiency in scripting and coding languages (Python, JavaScript, Java, etc.).
Familiarity with cloud platforms (AWS, Azure, GCP) and container security (e.g., Aqua, Prisma Cloud).
Deep understanding of application vulnerabilities and secure design principles.
Experience integrating security tools into DevOps pipelines (Jenkins, GitLab CI, Azure DevOps).