Job Title: Senior Application Security / DevSecOps Engineer

Location: Iselin, NJ / Charlotte, NC / Irving, TX/Minneapolis,  MN - Chandler, AZ (Hybrid)

Pay Range: $60/hr - $70/hr

Must Haves:

• 5+ years of Information Security Engineering experience (Certification in information security (CISSP, CISM, CEH, etc.)
• 5+ years of experience as Application Security and DevSecOps engineer collaborating with developers to adopt and mature secure development
• 3+ year’s experience in one or more of programming languages (.Net, C#, Java, RUST, C++)
• Ability to write automation scripts in Python, PowerShell to support internal projects
• Experience with CI/CD pipelines and related technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray, Curation)
• Good understanding of Secure Software development lifecycle
• Strong knowledge of OWASP Top 10 or CWE
• Detailed oriented - must be able to create documentation on different SCA procedures and tool configuration
• Experience with Jira/Confluence
• Experience with container security working with technologies like k8s and container technologies such as Openshift

Day to Day:

• Managing security automation tools with main focus on SCA (i.e. Checkmarx One, BlackDuck) and other tools in the ecosystem along with supporting operational management with regularly scheduled upgrade of the tools
• Interface with various internal teams ServiceNow AVR, DevOps and vulnerability operations team to make sure SCA vulnerabilities are identified and recorded per the application security policies and guidance
• Collaborate with security architecture teams to design vulnerability management workflow, establish best practices and design guidance to optimize experience for developers
• Adversarial security analysis on various application security requirements 
• Work with application security governance teams, risk & compliance partners on audits and recommending relevant policies
• Collaborate with technology pipeline teams to improve code quality and vulnerability detection 
• Analyze, enhance, architect and support container security tools and platforms
• Design and build advanced security solutions to strengthen open source software supply chains for effective automation and management

Plusses:

• Familiarity and experience with AI tools supporting false positives reduction, auto code remediation, open-source threat intelligence would be preferred

The Company offers the following benefits for this position, subject to applicable eligibility requirements: medical insurance, dental insurance, vision insurance, 401(k) retirement plan, life insurance, long-term disability insurance, short-term disability insurance, paid parking/public transportation, paid time off, paid sick and safe time, hours of paid vacation time, weeks of paid parental leave, and paid holidays annually – as applicable.