Job Description
Summary
We're looking for an Application Security Engineer who will be responsible for designing and implementing robust security frameworks to protect our software and infrastructure. This role involves conducting regular security assessments, including Cloud, Kubernetes, and our Products, to identify and address vulnerabilities. Additionally, the engineer will collaborate with development teams to integrate security practices throughout the software lifecycle, ensuring that all products meet the highest security standards before deployment.
In this role, you’ll:
- Develop and manage CI/CD pipeline development, ensuring secure code integration, testing, and deployment.
- Implement and maintain secure cloud infrastructures using tools like Kubernetes and Terraform.
- Manage software libraries and dependencies to ensure secure and up-to-date components within the software lifecycle.
- Analyze and apply findings from static and dynamic application security testing to enhance system security continuously.
- Integrate security protocols and standards into the software development lifecycle (SDLC) to ensure robust and secure product releases.
- Enhance security measures across cloud environments (AWS, GCP) and ensure compliance with regulatory standards.
- Work with cross-functional teams to implement security best practices and enhance security features within product designs.
- Conduct regular security assessments to identify and remediate infrastructure and cloud security weaknesses.
- Continuously analyze and apply findings from security testing to enhance system security.
We’re looking for candidates who have:
- CI/CD Pipeline Management: Proven experience in building, automating, and securing CI/CD pipelines.
- Code Level Security: Expertise in implementing code-level security measures throughout the software development lifecycle.
- Software Library Management: Experience managing software libraries and ensuring secure, up-to-date dependencies.
- Application Security Experience: Proficiency in using SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) to identify and remediate security vulnerabilities in software applications.
- Automation and Scripting: Proficiency in scripting languages such as Python or Bash for automating security and logging tasks.
- Collaboration Skills: Excellent communication skills, both verbal and written, for effective collaboration with cross-functional teams.
- Security Best Practices: Understanding of secure coding practices, with a primary focus on infrastructure and cloud security.
Nice to have experience:
- Infrastructure Expertise: Strong experience in designing, deploying, and managing secure cloud infrastructures using Kubernetes and Terraform.
- Cloud Platforms: Proficiency in AWS and GCP, with a focus on implementing and managing security services.
- Security and Compliance Expertise: Hands-on experience with security compliance standards such as ISO 27001 or SOC 2, and prior involvement in incident response and management within cloud environments, especially in regulated industries like finance or healthcare.
Technologies we use:
- Coding Languages - Java, Javascript, Python,
- IaC - Terraform
- Cloud - AWS, GCP
- CI/CD Pipeline - Github, GitHub Actions, Jenkins
- API’s - REST APIs
Skills
- AWS
- Communications Skills
- Development
- Java
- Python
- Team Collaboration