Cyber Security Engineer - DevSecOps

Hello, Good Morning! Hope you are doing well. This is Steve from Sidram Technologies. We have an immediate requirement for Cyber Security Engineer - Dev Sec Ops , and I have found your profile in Ceipal, it aligns the best with the client's needs.

Cyber Security Engineer - Dev Sec Ops

Dallas, TX (5 day onsite)

• Expertise in secure API integration design and implementation
• Expertise in the OWASP top 10 for web applications, and LLMs along with mitigation and remediation techniques
• Bachelor s degree in Computer Science, Information Technology, or a related field
• Extensive experience in cybersecurity within software engineering environments
• Experience with a programming language (C/C++, Python, Go, JavaScript / Type Script, Rust)
• Proficiency in cloud security, threat detection, data analysis, and incident response
• Expertise with security tools such as Burp Suite, PyRIT, Garak, MitM, Metasploit, Wireshark, Wiz, Sonarqube
• Experience standing up Security tooling to automate security hygiene, analysis, reporting or otherwise host tools or enhance intel capabilities
• Strong technical knowledge of microservice architecture, content distribution networks, data lakes, serverless functions, and databases
• Familiarity with various cloud platforms and Dev Ops tools
• Excellent analytical and problem-solving skills
• Strong communication skills, both written and verbal
• Ability to independently develop and implement security solutions
• Experience in developing and implementing automated security testing functions

• Threat Modeling:
  Develop and maintain comprehensive threat models across embedded platforms, cloud services, and software applications to proactively identify, prioritize, and mitigate potential vulnerabilities throughout the system development lifecycle
• Embedded Platform Penetration Testing:
  Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration
• Cloud-hosted Application Penetration Testing:
  Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration
• Red-Teaming AI-Backed Services:
  Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities
• Threat Detection and Analysis:
  Utilize advanced security tools like Cloud Security Posture Management platforms, open-source pen-testing tools, SIEMs, and SASTs to identify, analyze, validate, and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments
• Data Analysis and Security Monitoring:
  Conduct comprehensive analysis of security data from microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Use SIEM tools to correlate security events and identify anomalies
• Incident Response and Management:
  Participate in incident response efforts, perform root cause analysis, and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks
• Supply Chain Security:
  Assess and mitigate security risks associated with the supply chain, like open source libraries, ensuring end-to-end security
• Software Security Flaws Mitigation:
  Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python, C++, C#, JS, Python, HCL
• Security Solutions Development:
  Develop and implement custom security solutions, minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines
• Automating Security Test Functions:
  Develop and implement automated dynamic security testing functions to ensure continuous security validation

• Master’s degree in Computer Science or relevant field of study
• Cyber related certifications such as CompTIA CySA+, CISSP, CHFI, OSCP
• Experience in digital forensics
• Working experience within a Dev Sec Ops  environment

Steve

IT Services | Development | Staffing

URL:  | Email:

Direct:

E-Verify® is a registered trademark of the U.S. Department of Homeland Security. SIDRAM TECHNOLOGIES participates in the Employment Eligibility Verification Program (E-Verify) offered by USCIS.(Use the "Apply for this Job" box below).-Verify