Devsecops Engineer - IQ/PR/02

The ideal candidate will play a critical role in embedding security into our CI/CD pipelines, integrating various security tools, and ensuring robust governance for secure deployment practices.

Key Responsibilities:

1. Integration with CI/CD Pipelines:

• Work closely with development and DevOps teams to seamlessly integrate security into the CI/CD process.
• Ensure all security tools and processes are automated within the pipeline.

2. SAST, SCA, and DAST Tool Integration:

• Configure and manage HCL AppScan for Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST).
• Integrate security tools like AppScan into Jenkins for automated scanning and reporting.
• Manage tool upgrades and troubleshoot integration issues.

3. Custom Scripting for Automation:

• Develop scripts and plugins to automate the integration of security tools.
• Enhance reporting and notifications for identified vulnerabilities.

4. Security Governance in Deployment:

• Define and implement security gates and approvals in the CI/CD process.
• Monitor and manage security risks associated with deployments.

5. Continuous Improvement:

• Evaluate and adopt new tools and practices to enhance application security.
• Ensure compliance with organizational security policies and industry standards.

Required Skills and Qualifications:

• Technical Expertise:

• Hands-on experience with CI/CD pipelines and tools such as Jenkins etc.
• Proficient in integrating SAST, SCA, and DAST tools (preferably HCL AppScan) into CI/CD workflows.
• Scripting skills required for integration / automation.

• Security Knowledge:

• Deep understanding of application security concepts and best practices.
• Familiarity with OWASP Top 10 and secure coding guidelines.

• Automation & Monitoring:

• Experience with creating security gates, approval workflows, and vulnerability management processes.
• Knowledge of monitoring and managing deployment risks in cloud and on-prem environments.

• Soft Skills:

• Strong problem-solving and analytical skills.
• Excellent collaboration and communication abilities.

Preferred Qualifications:

• Experience with cloud platforms like AWS, Azure, or GCP.