Must Have Technical/Functional Skills
Technical:
- Strong knowledge of DevOps tools and technologies, such as Jenkins, Docker, Kubernetes, and Ansible
- Experience in designing and implementing pipelines, build management scripts
- Solid experience working with and integrating automated security tools into CI/CD pipelines
- Solid experience in integrating external tools or products with pipelines
- Ability to scale security within the SDLC through automation, using tool sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques
- Experience in integrating SAST (SonarQube or any SAST) & SCA tools into CI/CD pipelines
- Solid understanding of container technologies (Docker, Kubernetes) and container scanning
- Hands-on technical knowledge of Vulnerability/compliance, Secure Coding
- Strong knowledge of Python and Bash scripting
- Proven experience in software development, IT operations, or a similar role
- Strong analytical and problem-solving skills
- Ability to validate and articulate all vulnerabilities identified in the composition scans.
- Interpret vulnerability data, communicate business impact and remediation actions to the technical teams and business leaders
- Design and produce customized reports on an as-needed basis
- Ability to build Standard Operating Procedures (SOPs) capturing the technical details and nuances
Experience Required
- Experience with Automated Security Scanning tools like “Snyk”
- Strong technical knowledge of secure engineering principles
- Experience in implementing Terraform scripts for IaC
- Experience in assessing current systems and processes, and developing ways to improve them
- Conduct, coordinate and perform application vulnerability assessments (dynamic & static) through the use of automated and manual tools
- Experience with cloud platforms, such as AWS, Azure
- Proven ability to communicate technical issues to technical and non-technical audiences; ability to work effectively as part of remediation teams
- Knowledge and understanding of full life cycle application development
Roles & Responsibilities
In this role, you will be responsible for implementing or customizing CI/CD pipelines to integrate Snyk for SAST, SCA, container scans, and IaC scans. This includes configuring the trigger criteria, triggering, setting up SAST quality gates, configuring build criteria, etc. The responsibilities of this role also include analyzing vulnerabilities for false positives, offering remediation guidance, and building SOPs that help the customer expedite the resolution of vulnerabilities.
Job Type: Full-time
Pay: $100,000.00 per year
Schedule:
Work Location: On the road