DevSecOps Engineer role | NJ Onsite at Remote, Remote, USA
Email: [email protected]
From: Naveen Kumar, C4iTechnologies Inc [email protected]
Reply to: [email protected]
Role: DevSecOps Engineer
Location: NJ - Onsite

Job Description:

Mandatory skills: Python, Terraform, Application Security Testing (AST) or any SAST tools experience.

Objectives:
1. Reduction in the number of vulnerabilities in applications deployed at Regeneron.
2. Support application teams in vulnerability reduction.
3. Prioritize vulnerabilities and focus on the most important ones, those that affect runtime execution.
4. Reduce the amount of scanning required by providing visibility into repository and branch ageing, so that old applications can potentially be archived from the repository.
5. Provide application context for vulnerabilities, as opposed to per-repository reports.
6. Build a templatized pipeline that includes rule-driven AST in the DevOps pipeline.
7. Drill down to issues and their impact, and help developers get to the IDE with recommendations for fixes so that the development team can fix them easily.
8. Live vulnerability dashboard available to stakeholders and the application development team for periodic reviews.
9. Easy access to past reports so that we can track whether the same vulnerabilities are reported multiple times and not fixed.
10. Facilitate the CAB process by providing the required data and visibility.

Responsibilities:
1. Follow up to seek exceptions when the number and type of vulnerabilities breach configured thresholds.
2. Proactively support the SAST platform of choice, such as Veracode, or any additional future platforms: application lifecycle, version control, upgrades, license management, etc.
3. Introduce SCA, SBOM, DAST and runtime analysis as part of the AST pipeline templates once the rollout plan is finalized.
4. Support the developer community by onboarding users to Veracode or any other future platform, and provide ongoing support for the use of Veracode and for secure coding practices.
5. Proactively provide support to developers and explain the reasons for detected vulnerabilities, including engaging Veracode if needed.
6. Help developers remediate any vulnerabilities found in Veracode scan reports.
7. Follow up with the AST vendor and application developers to resolve potential false positives or unresolved issues.
8. Guide and help developers configure the Jenkins pipeline using the AST-Policy scan template, which will run automatically as part of the continuous deployment process.
9. Rescan all previously scanned repos on a scheduled basis as well as on new code check-in.
10. Manage and support AppSec environments.
11. Monitor, track and report all application scans in Veracode.
12. Follow up on policy exception creation as needed and track policy exceptions.
13. User off-boarding and application off-boarding.
14. Build daily/weekly/monthly vulnerability reports and dashboards.

Keywords: information technology, New Jersey
Thu Feb 29 23:10:00 UTC 2024