Security Engineer

Security Engineer Code Review, Cloud & Audit Automation

Job Summary

The Security Engineer will lead and coordinate secure source code reviews, support automation and audit processes using SonarQube, and drive attack path mitigation on Azure and AWS. The role involves collaborating with application, infrastructure, and infosec teams to remediate vulnerabilities, manage cloud source code repositories, and automate CI/CD integrations for security and compliance initiatives.

Key Responsibilities

1. Source Code Review & SonarQube Onboarding

Perform manual secure code reviews for application code and Docker configurations

Identify vulnerable Python packages and Docker images, guiding teams for mitigation

Guide application teams through SonarQube scan processes; assist with scan execution and remediation follow-up

Onboard new users to SonarQube, manage documentation, user access, and role assignments

2. Advisory & CNAPP Audit (Azure/AWS)

Conduct impact analysis on cloud security alerts and recommend/implement mitigation strategies

Coordinate with internal stakeholders, Infosec, and support teams to ensure timely remediation of vulnerabilities

3. Cloud Source Code Cleanup & Automation

Develop automation scripts for AWS Code Commit backup, restore, and cleanup of unused repos

Coordinate mitigation of source code and repository findings with application teams

4. VAPT Audit & Mitigation Coordination

Liaise with Infosec and external partners to initiate and follow up on cloud/app VAPT audits

Track and report progress on assessments and re-assessments, enabling completion and remediation

5. Automation & Integration

Integrate and automate SonarQube service with CI/CD pipelines covering Azure DevOps and AWS Code Commit

Maintain and update integrated security audit trackers across CNAPP, VAPT, and other relevant platforms

Required Qualifications

Bachelors degree in Computer Science, Information Security, Engineering, or related field

4+ years enterprise experience in application/cloud security, code review, or DevSecOps

Strong skills in secure coding best practices, code review (manual/automated with SonarQube), and CI/CD integration

Proficiency with AWS and Azure platforms, Python scripting/automation, and VAPT coordination

Preferred Skills

Experience with CNAPP tools and source code repository automation (e.g., AWS Code Commit, Git)

Familiarity with security alerting, attack path analysis, and orchestration in multi-cloud environments

Exposure to regulatory compliance, audit process, and writing robust technical documentation