We are looking for two Security Engineers for our client in India to analyze, fix, and manage the security vulnerabilities identified. The ideal candidate will work closely with CIC development teams to remediate security issues and create/review Pull Requests(PRs) to maintain security posture. You will play a key role in maintaining CIC security posture.Responsibilities:Analyze/review vulnerabilities detected by industry-standard vulnerability management tools.Prioritize and remediate security vulnerabilities in open-source dependencies and third-party libraries.Collaborate with development and security teams to update, and patch vulnerable dependencies and ensure updates don’t include new vulnerabilities.Create, test, review, and merge PRs with a focus on security best practices.Create security automation scripts to streamline the patching process where applicable.Responsibilities:Triaging vulnerabilities identified from application security reviews, Pentesting, SAST, DAST, and SCA sources.Drive the prioritization and remediation plan for vulnerabilities in partnership with CIC engineering teams.Build security automation for internal use that enables Security Engineering to operate at high speed and wide scale.Apply the knowledge of OWASP Top 10 to assess the risk impact of vulnerabilities, review remediation proposals, and retest the vulnerabilities to ensure the remediation properly addresses the vulnerabilities.Provide support in grooming vulnerability backlog and vulnerability metrics reports.Skills:Our Ideal Candidate will have:Strong experience in software development.Experience with SCA/SAST tools (Snyk, Dependabot, Semgrep, Qualys)Strong understanding of dependency management in languages such as Python, NodeJS, and Go-lang.Experience in Secure Coding and Vulnerability Remediation (OWASP Top 10, CVE analysis, CVSS scoring)Hands-on experience with version control(Git, Github)Hands-on experience with CI/CD pipelines(GithubActions, Jenkins)Ability to create, test, and review PRs with a security mindsetFamiliarity with Jira and JQL queryStrong debugging and troubleshooting skills for security vulnerabilities.This is a hands-on role where we are looking for someone who is accountable for the completion of the vulnerability mitigationExperience with remote work and distributed teamsNice to have:Any cloud infrastructure automation skills ( Terraform )Familiarity with cloud security(AWS, Azure) and container security(Docker, Kubernetes best practices)
Job Title
Security Engineer