SquareShift - Security Engineer - DevSecOps

<p><p>We are seeking a talented Security Engineer to join our team.<br/><br/> The ideal candidate should have a strong background in production security, DevSecOps, and extensive experience with SDLC practices and multiple security tools, including but not limited to Qualys, Black Duck, and JFrog X-ray.<br/><br/> As a Security Engineer, you will be responsible for ensuring robust security practices and implementing cutting-edge security measures to protect our systems and data.</p><p><br/><b>Vulnerability Management :</b><br/><br/>The core responsibilities for the job include the following :<br/><br/>- Own end-to-end vulnerability lifecycle for a given Business Unit, consisting of multiple enterprise-level products.(SaaS and on-prem).<br/><br/>- Triage, track, Correlate, and remediate vulnerabilities from tools like Black Duck, Prisma Cloud, Qualys, Jfrog Xray, etc.<br/><br/>- Understanding the working of these tools and mapping in a common tool.<br/><br/>- Coordinate with business security leads to plan patching strategies and risk mitigation.</p><p><br/><b>Security Automation :</b><br/><br/>- Integrate security scanning tools into common tools.<br/><br/>- In progress and SLA tracking for all the vulnerabilities, and will work closely with the respective business units.<br/><br/>- Develop dashboards and reports for compliance and leadership visibility.<br/><br/>- Write a high-level design to automate a few of the manual tasks.</p><p><br/><b>Collaboration And Governance :</b><br/><br/>- Work cross-functionally with product teams and stakeholders.<br/><br/>- Contribute to security policies, standards, and best practices.<br/><br/>- Participate in incident response and post-mortem analysis.</p><p><br/><b>Requirements :</b><br/><br/>- Publish security advisories on high-priority vulnerabilities (CVEs).<br/><br/>- Helping Junior team members with security aspects.<br/><br/>- Kubernetes, container build pipeline, and repository platform knowledge are a plus.<br/><br/>- Familiarity with vulnerability scoring models like CVSS, EPSS, and BDSA</p><br/></p> (ref:hirist.tech)