DevSecOps Engineer - Application Security

Dynpro - Fremont, CA

posted about 1 month ago

Full-time - Senior
Fremont, CA
Professional, Scientific, and Technical Services

About the position

The Staff Application Security Engineer will play a crucial role in ensuring the reliability, scalability, and security of software systems. This position involves collaborating with cross-functional teams to enhance the security of applications, systems, and data, with a focus on automating security practices in code development and deployment. The engineer will lead application security triage and prioritization processes, contributing to the overall security posture of the organization.

Responsibilities

  • Design, implement, and maintain solutions for managing and protecting cloud resources, ensuring scalability, resilience, and security.
  • Contribute to security hardening efforts and develop baseline configurations for all key systems.
  • Lead application security processes, including managing security tools in CI/CD pipelines, reviewing project architectures, performing initial threat modeling, and triaging identified security defects with suggested fixes.
  • Work closely with development teams to promote best application security practices.
  • Collaborate with infrastructure and DevOps teams to ensure consistent implementation of security standards and remediate identified security posture gaps.
  • Contribute to bug bounty triage and remediation processes.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related technical field.
  • 8+ years of proven experience in application security (web, API, mobile) or a related role.
  • 3+ years of experience in cloud environments (AWS preferred).
  • Proficient in scripting languages such as Bash, PowerShell, or Python.
  • Familiarity with Infrastructure as Code and 'desired state' concepts using tools like Terraform, Salt, Chef, or Puppet.
  • Knowledge of common attack vectors, including the OWASP Top 10.
  • Experience with automation of build and deployment infrastructure using Kubernetes, Docker, etc.
  • Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., Git).
  • Excellent problem-solving abilities and strong communication skills.

Nice-to-haves

  • In-depth knowledge of Docker and Kubernetes, and experience with infrastructure as code tools like Terraform.
  • Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS and serverless technologies, ensuring high availability and performance.
  • Proficiency in application security assessments, penetration testing, and conducting red team or purple team exercises.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service