AppSec Engineer
1 month ago
Responsibilities: Work with the various BU stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines. Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them. Create processes that are adaptable to evolving technologies and conduct Proof of Concept (POC)/Proof of Value (POV) exercises for application security. Enforce pipeline requirements: Ensure that secure pipeline best practices are being followed by developers (encrypt environment variables when possible, proper secrets management, etc.) Ensure all source code is onboarded and being tested for security vulnerabilities with current company SAST/secret scanning solution. Ensure that container security agents are deployed to application infrastructure in dev, staging, and production. Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and Endpoint Leads will work directly with stakeholders on actual deployments and training. Ensure that applications are protected by WAF (Akamai, Signal Science, AWS WAF, Edg.io) Ensure that applications are onboarded into DAST platform. Ensure that critical applications are added to the Pen Testing queue. Work closely with SAST/DAST/Container Security/CSPM platform leads. Work with broader teams on tagging/automations for critical applications. This is more process or standards based than hands on. Develop strategies and coordinate with stakeholders on remediation prioritization. Mobile Application Security Testing Qualifications: 5+ years of Application Security and software development experience required. Experience with Vulnerability Management Experience with SAST and DAST remediation Experience with Container Scanning remediation Experience with Sensitive Credential scanning in a SCM system. Experience with Mobile Security remediation Additional Qualifications: Experience driving projects with minimal supervision. Goal driven individual with good technical, interpersonal, communication, and organizational skills. Embraces and fosters “innovation” by working on new things in new ways every day. Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles
-
AppSec Engineer
2 weeks ago
Los Angeles, United States Motion Recruitment Partners LLC Full timeAppSec Engineer / Pipeline Security / DevSecOps Los Angeles, California Open to Remote Contract $80/hr - $85/hr My client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation...
-
AppSec Engineer
2 weeks ago
Los Angeles, United States Motion Recruitment Full timeMy client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks. Responsibilities: Work with the various BU stakeholders who manage code pipelines to ensure they are including our security...
