
AppSec, DevSecOps Engineer – Mid
Posted 1 day ago

• Act as a technical authority for Application Security (AppSec) and DevSecOps, integrating security throughout all phases of projects.
• Incorporate security measures into the software development lifecycle (Secure SDLC / Shift Left).
• Create, standardize, and uphold secure, reusable, automated, and version-controlled CI/CD pipelines.
• Apply DevSecOps practices and controls within continuous delivery processes.
• Execute risk assessments, threat modeling, and security evaluations for applications and architectures.
• Conduct triage, analysis, and vulnerability management, assisting developers in resolving issues.
• Manage and operate SAST, DAST, SCA, container security, and Infrastructure as Code (IaC) tools.
• Carry out security-centric code reviews, particularly for .NET Core and Node.js applications.
• Work within Cloud environments, assessing architectures and security measures.
• Ensure compliance with governance and regulatory standards such as ISO 27001, SOC 2, and PCI DSS.
• Develop scripts and automations for security controls and SIEM/SOC integration.
• Foster advocacy, mentorship, and training for technology teams in secure development practices.
• Extensive experience in Application Security (AppSec) and/or DevSecOps.
• Practical knowledge of Secure SDLC and Shift Left methodologies.
• Proficient with CI/CD pipelines (e.g., Azure DevOps, GitHub Actions, GitLab CI, Jenkins).
• Familiar with SAST, DAST, and SCA tools.
• Understanding of .NET Core and Node.js for code assessment and review.
• Background in vulnerability assessment and remediation.
• Knowledgeable in Cloud Computing (AWS, Azure, or GCP).
• Familiar with containerization (Docker/Kubernetes) and IaC (Terraform, ARM, CloudFormation).
• Strong grasp of secure architecture and Threat Modeling principles.
• Relevant security certifications (e.g., CSSLP, CEH, Security+, AZ-500, AWS Security).
• Previous involvement with SIEM/SOC.
• Familiarity with OWASP Top 10, ASVS, and SAMM.
• Experience in regulated or high-criticality environments.