Job Description

As a DevSecOps Application Security Engineer, you will play a critical role in integrating security practices into our development and operations processes. You will collaborate with development teams to identify vulnerabilities, implement security controls, and drive security best practices throughout the software development lifecycle.

Key Responsibilities:

• Security Integration: Integrate security into the CI/CD pipeline, ensuring security controls and best practices are embedded from the early stages of development.
• Vulnerability Assessment: Conduct regular security assessments, including static and dynamic analysis, to identify and remediate vulnerabilities in applications.
• Threat Modeling: Develop and maintain threat models to identify potential risks and security weaknesses in applications and infrastructure.
• Incident Response: Collaborate with incident response teams to address and mitigate security incidents related to applications.
• Security Policies and Procedures: Develop, document, and enforce security policies, standards, and procedures for application development and deployment.
• Collaboration: Work closely with development, operations, and security teams to ensure security requirements are met and to foster a culture of security awareness.
• Tooling and Automation: Implement and maintain security tools and automation scripts to streamline security processes and improve efficiency.
• Continuous Improvement: Stay current with emerging security threats, trends, and technologies to continually improve security practices and tools.

Qualifications

Requirements

• Tertiary education in Computing, Computer Science, or equivalent
• Min 5-6  years of experience in application security, DevSecOps, or a related field.
• Technical Skills: Proficiency with security tools and technologies such as static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA).
• Programming Knowledge: Strong understanding of programming languages such as Java, Python, or JavaScript, and familiarity with secure coding practices.
• DevSecOps Tools: Experience with CI/CD tools (e.g., Jenkins, GitLab, Azure DevOps) and infrastructure-as-code tools (e.g., Terraform, Ansible).
• Knowledge of Standards: Familiarity with security standards and frameworks such as OWASP, NIST, or ISO 27001.
• Soft Skills: Strong problem-solving skills, attention to detail, and the ability to work independently as well as part of a team.