Basic Qualifications and
-
Design, implement, and maintain infrastructure as code solutions for managing and protecting cloud resources, ensuring scalability, resilience and security
- Contribute to the security hardening efforts and producing sensible baseline configurations for all key *Client's* systems
- Lead the application security processes including managing the existing security tools in the CI/CD pipelines, reviewing proposed project architectures, initial threat modeling, triage of the identified application security defects and the suggested fixes
- Work closely with the development teams to promote best application security practices
- Work closely with the infrastructure and the DevOps teams to ensure consistent implementation of the security standards including the remediation of the identified gaps in the security posture
- Contribute to the bug bounty triage and remediation processes
Responsibilities
Required Skills and Experience
You bring:
- Bachelor's degree in computer science, Information Technology, or a related technical area
- 8+ years proven experience in Appsec (web, api, mobile) or related role
- 3+ years of experience in cloud environments. (AWS preferred)
- Proficient in Bash, Powershell or other scripting languages.
- Familiar with the Infrastructure as Code and “desired state” concepts including tools such as Terraform, Salt, Chef, Puppet etc
- Knowledge of common attack vectors including OWASP Top 10
- Experience in automating build and deployment infrastructure built on Kubernetes, Docker etc.
- Experience in python programming or other shell scripting language
- Experience with CI/CD tools (e.g., Jenkins, CircleCI) and version control systems (e.g., git)
- Excellent problem-solving and communication skills
Preferred Qualifications:
- In-depth knowledge of containerization technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform)
- Proficiency in deploying, monitoring, and scaling containerized applications on AWS using EKS, serverless, and ensuring high availability and performance
- Proficiency in application security assessments, penetration testing, red team, purple team