Security Engineer - SAST/DAST (3-5 yrs)

Responsibilities :

- Implement and manage security application testing tools to identify vulnerabilities in our systems and applications.

- Utilize the NIST security testing framework to guide security assessments and ensure compliance with industry standards.

- Proactively identify security vulnerabilities, potential breaches, and security risks within our infrastructure.

- Develop and implement security strategies, controls, and procedures to mitigate identified risks.

- Automate security processes and integrate security controls within our infrastructure as code (IaC) for enhanced efficiency.

- Conduct thorough testing of new systems and applications to ensure security best practices are followed.

- Continuously monitor security threats and implement measures to detect and respond to potential incidents.

- Collaborate effectively with cross-functional teams (developers, architects, IT operations) to integrate security considerations throughout the development lifecycle.

- Possess excellent communication skills to clearly document security findings, recommendations, and procedures.

- Champion a culture of continuous improvement by identifying opportunities to enhance our security posture and adapt to evolving threats.

- Conduct threat modeling exercises to identify potential attack vectors and develop mitigation strategies.

- Participate in establishing and improving incident response procedures to minimize the impact of security breaches.

- Develop and deliver security training programs to educate developers on secure coding practices.

- Promote cybersecurity awareness across the organization to foster a security-conscious culture.

Qualifications :

- Bachelor's degree in Computer Science, Information Security, or a related field (preferred).

- 3+ years of experience in security engineering or a related role.

- Strong understanding of security principles, threats, and vulnerabilities.

- Experience with security application testing tools (SAST, DAST).

- Familiarity with the NIST security testing framework.

- Experience with automating security processes using scripting languages or tools.

- Experience working in a cloud environment (AWS, Azure, GCP) is a plus.

- Excellent analytical and problem-solving skills.

- Strong communication, collaboration, and interpersonal skills.

- A proactive and detail-oriented approach to security.

- A passion for learning and staying up-to-date with the latest security trends.