Skills: Devops,Linux,kuberne..
Visa Types: Green Card, US Citiz..
Top Skills' Detail
- Bachelor's degree with 8+ years' experience
- Experience with cybersecurity best practices including ISO, SOC, OWASP, MITRE, and Microsoft standards
- Experience auditing existing solutions or environments against Security and GRC standards
- Experience w/ GitHub, GitHub Advanced Security and Wiz
- Experience working with Microsoft Dynamics 365
Secondary Skills - Nice to Haves
- DevOps
- Linux
- Kubernetes
- AWS
- Bash scripting
- Jenkins
- CI/CD
- Git
Job Description
Position's Contributions to Work Group:
At Cat Digital, every software engineer is the one who cares the most about their application. As a Senior Application Security Engineer, you will work as a technical leader within a portfolio of related applications to guide software engineers on cybersecurity issues, influence security and prioritization decisions at the bug or story level, and act as a trusted partner in their mission to deliver solutions securely.
You will be responsible for delivering a suite of security services according to internal processes and standards, including:
1. Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
2. Engineering Consulting - Serving as a "best friend" to software engineers, architects, product owners, and leaders, providing contextually aware guidance to help these groups make good decisions, document those decisions and resulting architectures, and navigate relevant review & approval processes (where necessary) when implementing new features and remediating existing issues.
3. Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
4. Security Test Onboarding & Management - Collecting and communicating required scope and access information for penetration testing and security assurance assessments, as well as handling the output of these assessments via our Defect Management Process.
5. Maturity Measurement - Consulting with software engineers on practices which will improve their application's security maturity according to scorecards and maturity models established by Cat Digital.
6. Correction of Error - Authoring, in close partnership with software engineers, correction of error reports which help engineers and architects across Cat Digital avoid similar mistakes in their own applications.
Typical task breakdown:
- Provide security consulting and perspective during architectural discussions and decision making.
- Consult with solution developers to ensure understanding of security principles and best practices.
- Triage security vulnerabilities and recommend and/or execute remediations or mitigations.
- Engage with business personnel including project managers, product owners, and end-users as needed, providing well-rounded contributions based on strong security expertise.
- Consult with solution architects, developers, cloud engineers, security engineers and other team members to ensure a successful project delivery.
- Contribute to and peer review various technical documents including security architecture diagrams and policy documents.
Additional Skills & Qualifications
- Someone who is comfortable working in an R&D setting and taking on admin tasks when needed.
- Experience with Entra, Azure, and Power Platform administration through portals, CLI, and CI/CD
Employee Value Proposition (EVP)
Gain experience working with an enterprise level company.
Work Environment
- DevOps Team consists of 13 currently and will be supporting a new project that has 60+ project members. This team also supports other established applications within the organization.
- This team is cross-functional. Successful team members will be expected to think outside the box, learn new skills, etc., to support each other and the project.
Business Drivers/Customer Impact
New program that is built on the Dynamics 365 platform, which is a new area for the current team. They do not have any existing talent that can support this platform.