If you are an Amazing Developer who also knows application security cold, app sec tools and loves teaching and collaborating with developers in creating secure code and systems, then keep reading!
While we believe writing secure code is every developer’s responsibility, knowing what secure code looks like is not every developer’s forte. The DevSec engineer’s role is to work with the development team as an embedded representative of the OTS information security department. As a part of the dev team, you will manage the SSDLC (secure software development lifecycle), work with the development team to run, automate and review the output of SAST and DAST tools, and help the development team understand the issues raised and make risk-based decisions on whether and how to fix them.
We use a mix of technologies including Veracode, C#, Kong(NGINX), MS SQL, Oracle, PostgreSQL, Angular, React, WordPress, Pantheon, Splunk, Redis, Git, with a mix of Windows, Linux, On-Prem, Cloud, and SAAS systems.
You are a great match if you:
– Are an experienced developer in the technologies we describe above
– Are passionate about security and secure software development
– Understand Secure Software Development Lifecycles (SSDLC) and tools
– Have a security certification
– Have great people, communication, and mentoring skills,
– Are intimately familiar with the OWASP framework
– Have hands-on experience using SAST and DAST tools in the development lifecycle