Sr. Security Engineer

• Leads projects to implement tools in CICD pipelines to implement automated Static Application Security Test (SAST), Dynamic Application Security Test (DAST) and Source Code Analysis (SCA).
• Works within the DevSecOps model to secure Containers, withing ROSA, Tekton and OpenShift pipelines
• Designs, develops, plans, implements, and supports Cloud DevSecOps processes across multiple business units, ensuring alignment with secure coding best practices.
• Possess extensive knowledge of CI tools such as Jenkins, Tekton, CircleCI, Gitlab, AWS CodePipeline etc.
• Test driven mindset with experience in automation with development tools
• Facilitates training on enterprise tools and best practices
• Collaborate with and across Agile teams to design, develop, test, implement, and support technical solutions in full-stack development tools and technologies
• Apply software development skills (e.g., Java, C#.NET, JavaScript) to recommend and apply secure coding practices
• Utilize programming languages like JavaScript, Java, HTML/CSS, TypeScript, SQL, Python, and Go, Open-Source RDBMS and NoSQL databases, Container Orchestration services including Docker and Kubernetes, and a variety of AWS tools and services
• Knowledge of OWASP secure coding standards.
• Experience with Agile methodologies.
• Experience with AWS and Kubernetes
• Consult with development Teams to perform security reviews of software designs and help developers to ensure quality and robustness of our internal products
• Conduct security assessments against web applications and APIs across a variety of technology stacks
• Performs technical design reviews and code reviews.
• Drive awareness and knowledge of security in the developer community.

• B.S. preferably in a technical or scientific field with 7 years of software and development experience, with a minimum of 5+ years of hands-on experience working with DevSecOps Technologies.
• Minimum 5+ years hands-on experience working with Cloud technologies.
• Experience in API testing tools (Postman, BurpSuite or any comparable tools)
• Excellent understanding of DevSecOps techniques and processes, guide integration of various tools in DevSecOps processes (GitLab/GitHub, SonarQube, Jenkins, Selenium, Ansible, Docker, Kubernetes, and containerization).
• Should be well versed with the AWS well architected framework or TOGAF and able to apply those principles while designing a solution
• Experience building, engineering and supporting applications in the Cloud (AWS, Azure, GCP)
• Experience conducting vulnerability risk and impact assessment
• Understand how to integrate security capabilities in cloud and application lifecycle management platforms especially in a DevOps model
• Excellent written and verbal communication skills
• Strong sense of urgency and ownership
• Extensive experience in application security and/or ethical hacking
• Extensive experience in software development
• Experience integrating secure coding techniques with product teams
• Professional certifications in Security, Cloud, Container or DevOps

Pyramid Consulting