Senior Application Security Engineer, DevSecOps

About The Position

Requirements

• B.S. in a technical or scientific field with 7 years of software and development experience, or 9+ years of professional experience.
• Minimum 5+ years of hands-on experience working with DevSecOps Technologies.
• Minimum 5+ years of hands-on experience working with Cloud technologies.
• Experience in API testing tools (Postman, BurpSuite, or comparable tools).
• Excellent understanding of DevSecOps techniques and processes, guiding integration of various tools in DevSecOps processes (GitLab/GitHub, SonarQube, Jenkins, Selenium, Ansible, Docker, Kubernetes).
• Experience building, engineering, and supporting applications in the Cloud (AWS, Azure, GCP).
• Experience conducting vulnerability risk and impact assessments.
• Excellent written and verbal communication skills.

Nice To Haves

• Extensive experience in application security and/or ethical hacking.
• Extensive experience in software development.
• Experience integrating secure coding techniques with product teams.
• Professional certifications in Security, Cloud, Container, or DevOps.

Responsibilities

• Leads projects to implement tools in CICD pipelines for automated Static Application Security Test (SAST), Dynamic Application Security Test (DAST), and Source Code Analysis (SCA).
• Works within the DevSecOps model to secure Containers, including ROSA, Tekton, and OpenShift pipelines.
• Designs, develops, plans, implements, and supports Cloud DevSecOps processes across multiple business units, ensuring alignment with secure coding best practices.
• Possesses extensive knowledge of CI tools such as Jenkins, Tekton, CircleCI, Gitlab, AWS CodePipeline, etc.
• Facilitates training on enterprise tools and best practices.
• Collaborates with Agile teams to design, develop, test, implement, and support technical solutions in full-stack development tools and technologies.
• Applies software development skills (e.g., Java, C#.NET, JavaScript) to recommend and apply secure coding practices.
• Utilizes programming languages like JavaScript, Java, HTML/CSS, TypeScript, SQL, Python, and Go, along with Open-Source RDBMS and NoSQL databases, and Container Orchestration services including Docker and Kubernetes.
• Conducts security assessments against web applications and APIs across various technology stacks.
• Performs technical design reviews and code reviews.

Benefits

• Competitive salary, industry-leading profit sharing program, and performance incentives.
• 401(k) with generous company contributions up to 9%.
• Up to 2-weeks of vacation for new hires, earned for use in the following vacation year.
• Up to 56 hours of paid personal time within a 12-month period.
• 10 paid holidays per calendar year.
• 12-weeks of paid maternity/parental leave for birthing parents.
• 2-weeks of paid parental leave for non-birthing parents.
• Comprehensive health benefits including medical, dental, vision, short/long term disability, and life insurance.
• Family care assistance through fertility support, surrogacy and adoption assistance, lactation support, and subsidized back-up care.
• Holistic Wellbeing programs to support physical, emotional, social, and financial health.
• Domestic and International space-available flight privileges for employees and eligible family members.
• Career development programs to achieve long-term career goals.
• World-wide partnerships for community service and sustainability initiatives.
• Business Resource Groups for promoting inclusion and perspective.
• Recognition rewards through the platform Unstoppable Together.
• Access to over 500 discounts and voluntary benefits through Deltaperks.