Looking for candidates from development teams who have 7-9 years of experience - (1) 3-5 yrs of software development experience using languages like Java, Python, .Net, C#, JavaScript or TypeScript + SAST & SCA experience
+ Must have: 4-5 yrs experience with Secure Code Reviews
+ Required: Hands-on experience in using enterprise code (SAST) scanning tools like CodeQL, Fortify, Checkmarx, and GitHub Advanced Security (GHAS) Secrets scanning. Experience in CodeQL and GHAS is preferred
+ Experience in identifying & managing potential false positives identified by SAST tools listed above.
+ Required: Hands-on experience in using a Software Composition Analysis (SCA) tool. Hands-on experience with tools like Dependabot, Endor, Mend, Snyk, and/or Black Duck is preferred.
+ Required: Knowledge and understanding of OWASP Top 10 vulnerabilities
+ Experience with DevOps practices - Build & Deployment (CI/CD) pipelines - Jenkins, Azure DevOps, GitHub Actions
+ Experience in collaborating with developers and engineers to apprise them of vulnerabilities & assist in their remediation.
Infrastructure as Code Scanning
Strong understanding of AWS services and security controls around these services.
Experience in Infrastructure as Code (IaC) scanning, using the Checkov tool (by Prisma Cloud) or Wiz Code.
Salesforce APEX Code Scanning
Understanding of security vulnerabilities in the Salesforce APEX source code
Experience in APEX Code Scanning using Digitec Tool
Scripting Experience:
Experience in Scripting languages such as PowerShell or Python to build Automation.
Qualifications:
BTech in Computer Sciences (Preferred)