Posted on: 05/12/2025
Description:
Role Summary:
We are seeking a skilled DevSecOps Engineer with deep expertise in SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to enhance and secure our continuous integration and continuous delivery pipelines.
The ideal candidate will be responsible for integrating security tools, automating security controls, conducting vulnerability analysis, and ensuring that application security is embedded throughout the SDLC.
Key Responsibilities:
- Integrate SAST, DAST, SCA, and other security tools into CI/CD pipelines (Jenkins, Azure DevOps, GitLab CI, etc.).
- Automate security scanning processes to ensure continuous and scalable security validation.
- Implement automated controls for secure code analysis and vulnerability detection across pipelines.
- Conduct SAST and DAST assessments using industry-standard tools such as SonarQube, Checkmarx, Fortify, Veracode, Burp Suite, or similar.
- Analyze findings, prioritize vulnerabilities, and work closely with development teams to ensure timely remediation.
- Perform manual validation of critical vulnerabilities when required.
- Advocate and enforce shift-left security practices across development teams.
- Develop and maintain secure coding guidelines, security checklists, and best-practice documentation.
- Support secure architecture and design reviews.
- Monitor security risks and vulnerabilities through automated pipelines and dashboards.
- Work with security teams to respond to threats, incidents, and high-risk vulnerabilities.
- Implement proactive measures to reduce attack surfaces across cloud and on-prem environments.
- Manage security tools, maintain configuration, update rulesets/policies, and optimize scan accuracy.
- Maintain version control repositories and ensure compliance with secure development processes.
- Collaborate with developers, QA, DevOps, and cloud teams to embed security into delivery workflows.
- Conduct workshops and training on secure development and vulnerability remediation.
Required Skills & Experience:
- Hands-on experience with SAST/DAST tools (e.g., Checkmarx, Fortify, SonarQube, Veracode, Burp Suite, OWASP ZAP).
- Strong understanding of secure SDLC, application security principles, and OWASP Top 10.
- Proven experience integrating security tools into CI/CD pipelines.
- Proficiency with DevOps tools and environments: Jenkins, GitHub Actions, GitLab CI, Azure DevOps, etc.
- Experience with scripting languages such as Python, Bash, PowerShell, or Groovy.
- Knowledge of cloud platforms (AWS, Azure, or GCP) and cloud security best practices.
- Familiarity with container security (Docker, Kubernetes, image scanning tools).
- Understanding of vulnerability management processes and remediation workflows.
- Experience with source code scanning, dependency scanning, and secret scanning tools.
Posted By
Anshu Chauhan
Talent Acquisition Manager at TALENT HUNT PLACEMENTS AND CONSULTANCY
Last Active: 6 Dec 2025
Posted in
DevOps / SRE
Functional Area
IT Security
Job Code
1585449