US Tech Solutions
What You'll Do:
- Collaborate with a team of engineers to implement specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
- Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
- Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
- With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
- Support security standards, create templates and patterns to increase the efficiency and adoption of the security program.
These skills will help you succeed in this role:
- Bachelor's degree with a minimum of 8 years of work experience in the IT field.
- 3+ years of software development experience using Java, JavaScript.
- 3+ years of experience in the following:
  - OWASP Secure Coding Practices
  - Common software and web application security vulnerabilities
  - Application security scanning tools
  - Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
  - Experience in Python scripting
Even Better If You Have:
- A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to the security field.
- Business acumen to support the implementation of SAST or DAST or IAST across the enterprise.
- Ability to perform code reviews with minimal assistance.
- A self-starter, with a strong desire for learning new technologies and applying them to solve problems.
- Experience with two or more of the application build environments like Jenkins, Gradle, Maven.
- Familiarity with public cloud services is a plus.
- Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype.
- Experience with Threat Analysis.
- Experience with DevSecOps, Secure SDLC.
- DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus.
- Experience with evaluation, integration and onboarding of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc. is a plus.