
DevSecOps Engineer role at Remote, Remote, USA
Email: [email protected]
From:

Naveen Kumar,

C4i Technologies Inc

[email protected]

Reply to:   [email protected]

Role: DevSecOps Engineer

Location: NJ - Onsite

Looking for 10+ only. 

Job Description:

Mandatory skills: Application Security Testing (AST) or exp with any SAST tools 

Reduction in number of vulnerabilities in applications deployed at Regeneron.

2. Support application teams in vulnerability reduction

3. Prioritize vulnerabilities and focus on the most important vulnerabilities that are affecting runtime execution.

4. Reduce the amount of scanning required by providing visibility into repository and branch ageing so that old applications can be potentially archived from the repository.

5. Provide application context of vulnerabilities as opposed to repo reports.

6. Build templatized pipeline to include rule driven AST in the DevOps pipeline.

7. Drill down to issues and its impact and help developers to get to the IDE with recommendations for fixes so that it is easy for the development team to fix it.

8. Live vulnerability dashboard that can be available to stakeholders and Application development team for periodic reviews.

9. Easy access to past reports so that we can track if the same vulnerabilities are reported multiple times and not fixed.

10. Facilitate the CAB process by providing required data and visibility. Follow up to seek exception when number and type of vulnerabilities breach configured thresholds.

Proactively Support the SAST platform of choice such as Veracode or any additional future platforms application lifecycle version control, upgrades, license management, etc.

3. Introduce SCA, SBOM, DAST and Runtime Analysis as a part of the AST pipeline templates once the rollout plan is finalized.

4. Support the developer community onboarding users to Veracode or any other future platform, and ongoing support for use of Veracode and for secure coding practices.

5. Proactively provide support to developers and explain the reasons for detected vulnerabilities, including engaging Veracode if needed.

6. Help developers to remediate any vulnerabilities found in Veracode scan reports.

7. Follow up with AST vendor and application developers to resolve potential false positives or unresolved issues.

8. Guide and help developers to configure the Jenkins pipeline using AST-Policy scan-template which will run automatically as a part of continuous deployment process.

9. Rescan all previously scanned repos on a scheduled basis as well as on new code check-in.

10. Manage and support AppSec environments.

11. Monitor, track and report all application scans in Veracode.

12. Follow up on the policy exception creation as needed and track policy exceptions.

13. User off-boarding and Application Off-boarding.

14. Build Daily/Weekly/Monthly Vulnerability Reports and Dashboard.

--

Best Regards

Naveen Kumar

Manager Resource Development

C4i Technologies INC.

[email protected]

Phone : 713-565-1333

Desk: 713-565-1199 EXT: 115

Keywords: information technology New Jersey
Tue Jan 09 00:59:00 UTC 2024

To remove this job post, send "job_kill 992971" as the subject from [email protected] to [email protected]. Do not write anything extra in the subject line, as this is an automatic system which will not work otherwise.

