About the Role:
Design and implement secure coding practices by integrating SAST, DAST, and SCA tools into the client’s SDLC. Ensure alignment with industry best practices and the client’s security policies. Automate SAST/DAST/SCA scans within the CI/CD pipelines (Jenkins, GitHub Actions) and ensure seamless tool integration.
Key Responsibilities:
- Architect and customize SAST/DAST/SCA tools for SAT’s tech stack (e.g., .NET, Java).
- Develop security rules to minimize false positives/negatives.
- Collaborate with DevOps teams to embed security into CI/CD pipelines.
- Conduct threat modelling and vulnerability assessments.
- Configure APIs for tool integration (e.g., Jira, Splunk).
- Develop Infrastructure-as-Code (IaC) scripts using Terraform/Ansible.
- Collaborate with QA teams to optimize scan accuracy.
- Monitor pipeline performance and scalability.
- Create user guides and API documentation.
- Conduct knowledge transfer workshops.
Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity, or related field (mandatory).
- CISSP/CISM certification (mandatory).
- AWS/Azure DevOps, Terraform Associate.
- ISTQB, Certified Tester Foundation Level (CTFL).
- 5+ years’ experience in application security architecture (large-scale implementations), 7+ preferred.
- Experience in DevOps/DevSecOps.
- Experience in security testing (tools like Burp Suite, OWASP ZAP).
- Expertise in tools like Checkmarx, Fortify, or GitLab Ultimate.
- Knowledge of OWASP Top 10 vulnerabilities and remediation strategies.
