Shape the future of secure software delivery by joining a growing Information Security team focused on building a robust, enterprise-wide Application Security (AppSec) program from the ground up. In this role, you will architect and operationalize security tooling across development pipelines, ensuring vulnerabilities are identified early and remediated efficiently.
What You’ll Do
- Deploy and manage a range of application security testing tools—including static, dynamic, interactive, and software composition analysis—to detect weaknesses throughout the development lifecycle.
- Establish centralized visibility into security findings by implementing and maintaining Application Security Posture Management (ASPM) platforms that reduce noise and streamline reporting.
- Integrate security testing seamlessly into large-scale CI/CD environments using platforms like GitHub Actions and Azure DevOps, ensuring minimal friction for development teams.
- Develop automation scripts and workflows using Python to enhance tool interoperability, improve response times, and scale security operations across the organization.
- Collaborate with engineering and security stakeholders to deliver clear, actionable insights and ensure security keeps pace with rapid development cycles.
What We’re Looking For
- A Bachelor’s degree with 7 years of relevant experience, a Master’s degree with 6 years, or a PhD, for which no prior experience is required.
- At least 4 years of hands-on work in DevSecOps, DevOps, or Site Reliability Engineering roles.
- Proven experience implementing and supporting SAST, DAST, IAST, and SCA tools in production environments.
- Solid background in designing and optimizing CI/CD pipelines at enterprise scale, with strong scripting skills in Python.
- Ability to translate technical results into clear documentation and communicate effectively across technical and non-technical audiences.
Nice-to-Have Experience
- Working knowledge of ASPM platforms to improve risk visibility and developer integration.
- Experience securing containers and artifacts through image scanning, dependency validation, and pre-deployment checks using tools like Snyk or JFrog Artifactory.
- Familiarity with administering Snyk in large, complex environments.
