Software Engineer III

Key Responsibilities

• Secure and maintain microservice applications and CI/CD pipelines.
• Implement DevSecOps strategies in ongoing and new projects.
• Develop and apply security controls to strengthen pipelines and application posture.
• Conduct threat modeling and security design reviews for new projects.
• Collaborate with developers to remediate vulnerabilities in applications.
• Monitor security events using SIEM tools such as Grafana, Loki, and Azure Sentinel.
• Investigate and respond to security incidents, conduct root cause analysis, and implement preventive actions.
• Maintain incident response playbooks and security documentation.
• Establish secure coding standards and deliver developer training.
• Integrate security gates into deployment pipelines (Dev Non-Prod Prod).

Requirements

• Deep understanding of OWASP Top 10 vulnerabilities and mitigation techniques.
• Working knowledge of security frameworks like NIST, CIS Benchmarks, and MITRE ATT&CK.
• Proficiency in the Secure Software Development Lifecycle (SSDLC).
• Experience with cloud IAM, VPNs, network security, and encryption standards.
• Hands-on experience with container security (Docker, Kubernetes) and IaC security (Terraform, ARM templates).
• Ability to read and review Java code for vulnerabilities.
• Strong understanding of API security (OAuth 2.0, JWT, SAML, OpenID Connect).
• Familiarity with Spring Boot security, CI/CD security, and GitHub Actions.
• Experience integrating SAST, DAST, and dependency scanning into pipelines.
• Hands-on use of security testing tools (Burp Suite, OWASP ZAP, Nmap, Wireshark).
• Proficiency in Python, Bash, or PowerShell scripting.
• Ability to communicate technical risks effectively to non-technical stakeholders.

Preferred Qualifications

• Security certifications: CISSP, CEH, OSCP, Azure Security Engineer Associate.
• Experience in regulated industries like finance or insurance.
• Understanding of data privacy regulations and PII/PHI handling.
• Background in penetration testing or red teaming.
• Contributions to open-source security projects.

Experience and Education

• 4+ years in Application Security, DevSecOps, or Software Engineering with security focus.
• 3+ years securing cloud environments (Azure preferred, AWS acceptable).
• Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).