Role: DevSecOps+Security Engineer
Exp: 6+ yrs
Responsibilities
- Onboard application and development teams to SAST / SCA / DAST using a structured intake‑to‑handover model.
- Execute baseline scans and define initial security posture per application/team.
- Connect repositories, validate scan execution, and establish ownership for steady‑state operations.
- Produce prioritized risk views to drive remediation of highest‑risk findings.
- Lead hands‑on remediation sessions with development teams.
- Triage findings, identify false positives, validate exploitability, and support fixes.
- Implement and standardize SAST using SonarQube / SonarCloud across CI/CD pipelines.
- Support Azure DevOps, GitHub Actions, and AWS DevOps, including PR decoration and automation.
- Rationalize rulesets and quality gates based on risk appetite and application criticality.
- Reduce false positives and ensure gates drive actionable remediation.
- Operationalize SCA using tools such as SonarCloud.
- Define triage workflows, ownership models, and SLA‑aligned remediation processes.
- Support DAST (Qualys) and runtime security operations in collaboration with security and platform teams.
- Define scan scoping, scheduling, authentication, and findings handover processes.
- Enable onboarding at scale using standard CI/CD templates, IaC baselines, and checklists.
- Reduce onboarding effort and improve consistency across teams.
- Deliver steady‑state handover artifacts.
- Create and maintain runbooks, onboarding playbooks, CI/CD guides, and troubleshooting SOPs.
You can share your updated resume with [Confidential Information] for immediate consideration, along with the details below:
Exp-
Notice Period-
CTC-
ECTC-
Current Location-
Open for Greater Noida-