Job Description
The role of the Application Security Specialist is to protect the software development lifecycle by focusing on pipeline security, configuration, automation, and DevSecOps practices.
As a critical member of our team, you will ensure that security is integrated into every stage of development, from code creation to deployment, minimizing vulnerabilities and reducing risk to the business.
Key Responsibilities:
* Implement and maintain security controls within CI/CD pipelines to ensure secure application delivery.
* Integrate automated vulnerability scanning, static/dynamic application security testing (SAST/DAST), and software composition analysis (SCA) into the development pipelines.
* Monitor and manage security vulnerabilities found in dependencies and third-party libraries.
* Develop, automate, and maintain security policies and configurations to streamline security processes and reduce manual intervention.
* Build automated solutions for security testing, code review, and infrastructure provisioning (Infrastructure as Code).
* Ensure secure configuration of application environments, infrastructure, and platform services.
* Implement secure defaults in deployment pipelines, including for containers, Kubernetes, and cloud environments.
* Collaborate with development, operations, and security teams to integrate security into the development lifecycle (Shift Left Security).
* Promote and advocate for secure coding practices and educate teams on security best practices and tooling.
* Participate in security incident response for pipeline and application-level security events, performing root cause analysis and implementing long-term remediation.
* Create processes for monitoring and responding to security alerts in real time.
* Continuously improve security toolchains by integrating the latest security tools and technologies into DevSecOps workflows.
* Conduct regular security reviews and audits of pipelines, infrastructure, and application code to identify and remediate vulnerabilities.
* Ensure compliance with security standards, policies, and regulatory requirements throughout the development lifecycle.
* Implement security policies in pipelines to prevent unauthorized changes or deployments.
* Harden container images and implement security measures for container orchestration (e.g., Kubernetes) to mitigate risks.
* Secure cloud environments (AWS, Azure, GCP) by automating security configurations and applying best practices.
* Monitor and collect security metrics and KPIs to measure the effectiveness of security controls within the pipelines.