AppSec Engineer / Pipeline Security / DevSecOps

My client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks.

Responsibilities:

• Work with the various BU stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines.
• Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them.
• Create processes that are adaptable to evolving technologies and conduct Proof of Concept (POC)/Proof of Value (POV) exercises for application security.
• Enforce pipeline requirements:
  • Ensure that secure pipeline best practices are being followed by developers (encrypt
  • environment variables when possible, proper secrets management, etc.)
  • Ensure all source code is onboarded and being tested for security vulnerabilities with current
  • company SAST/secret scanning solution.
  • Ensure that container security agents are deployed to application infrastructure in dev, staging, and production.
  • Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and
  • Endpoint Leads will work directly with stakeholders on actual deployments and training.
  • Ensure that applications are protected by WAF (Akamai, Signal Science, AWS WAF, Edg.io)
  • Ensure that applications are onboarded into DAST platform.
  • Ensure that critical applications are added to the Pen Testing queue.
• Work closely with SAST/DAST/Container Security/CSPM platform leads.
• Work with broader teams on tagging/automations for critical applications. This is more process or standards based than hands on.
• Develop strategies and coordinate with stakeholders on remediation prioritization.
• Mobile Application Security Testing

Qualifications:

• 5+ years of Application Security and software development experience required.
• Experience with Vulnerability Management
• Experience with SAST and DAST remediation
• Experience with Container Scanning remediation
• Experience with Sensitive Credential scanning in a SCM system.
• Experience with Mobile Security remediation

Additional Qualifications:

• Experience driving projects with minimal supervision.
• Goal driven individual with good technical, interpersonal, communication, and organizational skills.
• Embraces and fosters “innovation” by working on new things in new ways every day.
• Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles

You will receive the following benefits:

• Medical Insurance - Four medical plans to choose from for you and your family
• Dental & Orthodontia Benefits
• Vision Benefits
• Health Savings Account (HSA)
• Health and Dependent Care Flexible Spending Accounts
• Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance
• Hospital Indemnity Insurance
• 401(k) including match with pre and post-tax options
• Paid Sick Time Leave
• Legal and Identity Protection Plans
• Pre-tax Commuter Benefit
• 529 College Saver Plan

Motion Recruitment Partners is an Equal Opportunity Employer, including Veterans/Disability/Women. All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available. Accommodation will be provided in all parts of the hiring process as required under Motion Recruitment Employment Accommodation policy. Applicants need to make their needs known in advance.