United States

& APPLICATION SECURITY, Texas

Description

Key Responsibilities

Security by Design: Embed security requirements into CI/CD pipelines, infrastructure-as-code (IaC), and application architectures.

Automation & Tooling: Configure and maintain security scanning tools (SAST, DAST, SCA, container scanners) within automated build and deployment workflows.

Vulnerability Management: Triage, prioritize, and remediate vulnerabilities discovered in code, containers, and cloud environments; drive fixes and track metrics.

Incident Response Support: Assist in investigation of security incidents related to applications or infrastructure; write playbooks and run tabletop exercises.

Infrastructure Security: Implement and enforce secure configuration and hardening standards for cloud platforms (AWS, Azure, GCP) and Kubernetes clusters.

Policy & Compliance: Define, document, and enforce security policies, standards, and guidelines aligned with industry frameworks (OWASP, CIS Benchmarks, NIST).

Threat Modeling & Risk Assessment: Lead or participate in threat modeling sessions for new features; provide risk-based recommendations.

Training & Evangelism: Conduct security awareness workshops for developers and DevOps teams; champion shift-left security culture.

Required Qualifications

Experience: 5+ years in DevSecOps, cloud security, or application security roles.

Security Toolchain: Hands-on with static analysis (e.g., SonarQube, Fortify), dynamic analysis (e.g., ZAP, Burp Suite), software composition analysis (e.g., Snyk, Black Duck), and container scanning (e.g., Clair, Trivy).

CI/CD Integration: Expertise automating security gates in Jenkins, GitLab CI/CD, GitHub Actions, or equivalent.

Cloud & IaC: Proficiency with AWS/Azure/GCP security services, Terraform/CloudFormation, and Kubernetes security (PodSecurityPolicy, OPA/Gatekeeper).

Programming/Scripting: Strong skills in Python, Go, or Bash for automation and custom tool development.

Standards & Frameworks: Deep understanding of OWASP Top 10, CIS Benchmarks, NIST 800-53/800-190.

Vulnerability Management: Solid experience with vulnerability scanners (Nessus, Qualys) and issue-tracking systems.

Preferred Qualifications

Certifications: CISSP, CSSLP, GCP Professional Cloud Security Engineer, AWS Security Specialty, or equivalent.

DevOps Background: Prior hands-on experience in software development, infrastructure engineering, or platform engineering.

Container Security: Familiarity with service meshes (e.g., Istio), runtime protection tools (e.g., Falco), and supply chain security (e.g., Sigstore).

Threat Client & Red Teaming: Experience with penetration testing, threat intelligence feeds, or purple-team exercises.


& APPLICATION SECURITY has been posted in the Austin Government & Public Service category on Locanto.
