Looking for candidates from development teams who have 7-9 years of experience, including:
3-5 years of software development experience using languages such as Java, Python, .NET/C#, JavaScript or TypeScript
SAST & SCA Experience
Must have 4-5 years of experience with secure code reviews
Hands-on experience with enterprise static application security testing (SAST) tools such as CodeQL, Fortify, Checkmarx, and GitHub Advanced Security (GHAS), including GHAS secret scanning. Experience with CodeQL and GHAS is preferred.
Experience identifying and managing false positives reported by the SAST tools listed above
Hands-on experience with a Software Composition Analysis (SCA) tool
Hands-on experience with tools such as Dependabot, Endor Labs, Mend, Snyk, and/or Black Duck is preferred
Knowledge and understanding of the OWASP Top 10 vulnerabilities
Experience with DevOps practices, i.e. build and deployment (CI/CD) pipelines such as Jenkins, Azure DevOps, and GitHub Actions
Experience collaborating with developers and engineers to explain identified vulnerabilities and assist with their remediation
Infrastructure as Code Scanning
Strong understanding of AWS services and the security controls around them
Experience in Infrastructure as Code (IaC) scanning using Checkov (by Prisma Cloud) or Wiz Code
Salesforce Apex Code Scanning
Understanding of security vulnerabilities in Salesforce Apex source code
Experience in Apex code scanning using the Digitec tool
Scripting Experience
Experience with scripting languages such as PowerShell or Python to build automation
Qualifications
BTech in Computer Science (preferred)