DevSecOp Engineer

Location Bangrak
Discipline IT
Salary 90K-120K
Job Start Date

​Qualifications:

• Ensure that the Static Application Security Testing (SAST) environment is performing optimally

• Provide education and guidance about SAST tools and process best practices

• Ensure compliance with applicable Policies, Standards, Requirements and Directives

• Assist with audits to demonstrate compliance

• Schedule, scope and prioritize SAST assessments of applications

• Identify, document, rate, and communicate vulnerabilities to responsible teams

• Reproduce, demonstrate and retest vulnerabilities

• Maintain awareness of security issues amongst development community

• Continually improve SAST process and environment

• Provide expertise in Continuous Test/Integration/Deployment platforms

Requirement

• 3+ years of application security experience

• Must be familiar with OWASP top ten understanding of vulnerability governance and reporting

• Working experience with Software Composition Analysis (SCA) tools - Black Duck, Sonatype Nexus, etc.

• Working experience with Static Application Security Testing (SAST) tools - Fortify, Checkmarx, Veracode, etc.

• Experience in consuming APIs

• Experience with cloud security - AWS Cloud preferred

• Experience with code repository management platforms - GitHub, BitBucket, GitLab

• Experience developing cloud native CI/CD workflows and tools, such as Jenkins, Circle CI and/or GitLab

• Experience with infrastructure automation tools and coding/scripting (i.e. ansible, terraform, python, Shell script)

• Fluent in Linux OS (i.e. Ubuntu, Debian)

• Must be a team player with great interpersonal skills