Job Description

Responsibilities:

• Software Development Experience

• Looking for candidates from development teams who have 7-9 years - (1) 3-5 yrs in software development experience using languages like Java, Python, .Net, C#, JavaScript or Typescript

• SAST & SCA Experience

• Must have 4-5 yrs experience with Secure Code Reviews

• Required Hands-on experience in using enterprise code (SAST) scanning tools like CodeQL, Fortify, Checkmarx, and GitHub Advanced Security (GHAS) Secrets scanning. Experience in CodeQL and GHAS is preferred

• Experience in identifying & managing potential false positives identified by SAST tools listed above.

• Required Hands-on experience in using Software Composition Analysis (SCA) tool. Hands-on Exp on tools like Dependabot, Endor, Mend, Snyk, and/or Black Duck are preferred.

• Required Have knowledge and understanding of OWASP Top 10 vulnerabilities

• Experience with DevOps practices - Build & Deployment (CI/CD) pipelines - Jenkins, Azure DevOps, GitHub Actions

• Experience in collaborating with developers and engineers, to apprise them about vulnerabilities & assist in remediation of the same.

• Infrastructure as a Code Scanning

• Strong understanding of AWS services and security controls around these services.

• Experience in Infrastructure as a Code (IaC) scanning, using Chekov Tool (by Prisma Cloud) or Wiz Code.

• Salesforce APEX Code Scanning

• Understanding of security vulnerabilities in the Salesforce APEX source code

• Experience in APEX Code Scanning using Digitec Tool
• Scripting Experience:

• Experience in Scripting languages such as PowerShell or Python to build Automation.

Qualifications:
BTech in Computer Sciences (Preferred)

Skills Required