We are seeking an Automated Security Scanning Analyst to enhance our cybersecurity efforts by integrating and automating security technologies within DevOps pipelines. The ideal candidate will have experience with SAST, DAST, and container security tools, alongside proficiency in industry security tools like Checkmarx and Invicti. A solid understanding of security risks associated with web and mobile architectures, along with cloud environments (AWS, GCP, Azure), is essential. Join us to help strengthen our security posture and protect our applications!
Understanding of integration & automation of various security technologies, including SAST, DAST, MAST, IAST, and container security tools, within a DevOps tooling pipeline (Jenkins, GitHub, Chef, Ansible, Nexus, etc.).
Proficiency in one or more industry security tools (Checkmarx, Invicti (Netsparker), Quokka (Kryptowire), IriusRisk, Aquasec, etc.) would be beneficial.
Experience in DevSecOps with a focus on security.
Understanding of platform-specific security risks and common vulnerabilities for web and for architectures that are commonly used by mobile applications (HTML, XML, JavaScript, JSON, REST, microservices, etc.).
Knowledge of security flaws in the Java, J2EE, Objective-C, Swift and Kotlin programming languages.
Understanding of common public cloud environments (including AWS, GCP, Azure, Alicloud).
Knowledge in implementing vulnerability identification tools within the development pipeline.
Knowledge of the Common Vulnerability Scoring System (CVSS).
Knowledge of collaboration tools, preferably JIRA and Confluence.
Understanding of emerging technologies and their corresponding security threats would be beneficial.
Strong analytical skills, including but not limited to attention to detail, research, data analysis, problem solving, evaluating and decision making.