Job Description

DevSecOps Engineer
Job Number: 21-12347
 
Use your skills where innovative technology solutions begin. Eclaro is looking for a DevSecOps Engineer for our client in Jersey City, NJ.
 
Eclaro’s client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you’re up to the challenge, then take a chance at this rewarding opportunity!


Position Overview:
  • Integration, management and configuration of DevSecOps tools
  • Preparing security advisories and defining the severity levels for the vulnerabilities
  • Scanning, validation and reporting of vulnerabilities on a daily and monthly basis
  • Preparing monthly security reports for the management
 
Responsibilities:
  • DevSecOps leader and senior member of the Security Testing Team
  • Conduct security testing at the application, infrastructure, cloud and IoT levels, and manage multiple delivery projects
  • Carry out API security testing
  • Train and build the team in DevSecOps and security testing
  • Experienced in building automation in testing
  • Identify, test, and build exploits for OWASP Top 10 vulnerabilities.
  • Use a variety of commercial and open-source ethical hacking tools
  • Understand and exploit business logic flaws in web and mobile applications.
  • Have a broad understanding of cloud application deployment models.
  • Document every detail of the test plans and environments to be executed by self and team.
  • Document defects and issues clearly in JIRA, and communicate them to product owners, Scrum Masters and the development team.
  • Understand customer workflows and incorporate that knowledge into the test plans.
  • Managing projects and schedules.
  • Mentoring application security testers, providing guidance in testing techniques, and assisting in the development of exploits for complex vulnerabilities.
  • Improving testing techniques and methodology via original research, custom tool development, defining new testing standards, and aligning testing procedures with various industry standards (OWASP Top 10, OWASP ASVS, etc.).
 
Qualifications:
  • Technologies/Tools:
    • Security tools: Fortify, Checkmarx, Burp Suite, Acunetix, Qualys, Nessus, Veracode, IBM AppScan, open-source tools, Sonatype, Nexus, etc.
    • Experience with and good knowledge of DevOps tools and technologies such as Jenkins, Ansible, Chef, Docker, GitHub/Kubernetes/Red Hat/OpenShift, containers, bug tracking tools, ticketing systems, etc.
  • Desirable: OSCP, CISSP
  • Compulsory: Certified Ethical Hacker (CEH), B Tech
  • Experience building security gates / threshold levels for build pass/fail
  • API security and container security implementation, or good knowledge of both
  • Information Systems/Network Security experience
 
Required Skills:
  • Good communication skills
  • Hands-on knowledge of integration with bug tracking tools and ticketing systems
  • Expert in Static Application Security Testing (SAST, source code review), Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST)
  • Good knowledge of Application Threat Modeling, RASP, IAST
  • Implemented DevSecOps (Secure CI/CD integration)
  • Vulnerability Assessment and Penetration Testing (VAPT), and fuzz testing at the application and infrastructure levels
  • Demonstrated experience leading Security Design Reviews and/or Architecture Risk Analysis
  • Expertise in OWASP and good knowledge of NIST, SANS, PCI, ISO 27001
  • Mobile Application Security testing
  • Proficient with manual and automated scanner approaches
  • Sound knowledge of DevOps environments
 
If interested, you may contact:
Alejandro Jose Soriano
Alejandro.Soriano@eclaro.com
6466952935


Equal Opportunity Employer: Eclaro values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
