Cyber Security Engineer - DevSecOps

SIDRAM TECHNOLOGIES • Full-time • Dallas, TX, US • 2m ago

Hello,

Good Morning!

Hope you are doing well.

This is Steve from Sidram Technologies. We have an immediate

requirement for Cyber Security Engineer - DevSecOps, and I have found your profile in Ceipal, it aligns the best with the client's needs.

Please find the JD below and let me know your thoughts on it.

Title: Cyber Security Engineer - DevSecOps

Location: Dallas, TX (5 day onsite)

Job Description

Minimum Qualifications:

Expertise in secure API integration design and implementation
Expertise in the OWASP top 10 for web applications, and LLMs along with mitigation and remediation techniques
Bachelor's degree in Computer Science, Information Technology, or a related field.
Extensive experience in cybersecurity within software engineering environments.
Experience with a programming language (C/C++, Python, Go, JavaScript / TypeScript, Rust)
Proficiency in cloud security, threat detection, data analysis, and incident response.
Expertise with security tools such as BurpSuite, PyRIT, Garak, MitM, Metasploit, Wireshark, Wiz, Sonarqube
Experience standing up Security tooling to automate security hygiene, analysis, reporting or otherwise host tools or enhance intel capabilities
Strong technical knowledge of microservice architecture, content distribution networks, data lakes, serverless functions, and databases.
Familiarity with various cloud platforms and DevOps tools.
Excellent analytical and problem-solving skills.
Strong communication skills, both written and verbal.
Ability to independently develop and implement security solutions.
Experience in developing and implementing automated security testing functions.

Key Responsibilities

Threat Modeling: Develop and maintain comprehensive threat models across embedded platforms, cloud services, and software applications to proactively identify, prioritize, and mitigate potential vulnerabilities throughout the system development lifecycle.
Embedded Platform Penetration Testing: Conduct regular penetration tests and security assessments of embedded platforms to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
Cloud-hosted Application Penetration Testing: Conduct regular penetration tests and security assessments on cloud-hosted applications to proactively identify and remediate vulnerabilities unique to embedded systems and hardware integration.
Red-Teaming AI-Backed Services: Conduct regular adversarial testing and red-teaming exercises focused on AI-powered services and machine learning models. Proactively identify and exploit potential vulnerabilities unique to AI systems and collaborate with legal and engineering teams to remediate security risks specific to AI and automated decision-making capabilities.
Threat Detection and Analysis: Utilize advanced security tools like Cloud Security Posture Management platforms, open-source pen-testing tools, SIEMs, and SASTs to identify, analyze, validate, and stop vulnerabilities from entering the environment. Perform regular penetration testing and vulnerability assessments.
Data Analysis and Security Monitoring: Conduct comprehensive analysis of security data from microservice architectures, content distribution networks, data lakes, serverless functions, and databases. Use SIEM tools to correlate security events and identify anomalies.
Incident Response and Management: Participate in incident response efforts, perform root cause analysis, and implement or suggest corrective actions to mitigate security breaches. Develop and maintain incident response playbooks.
Supply Chain Security: Assess and mitigate security risks associated with the supply chain, like open source libraries, ensuring end-to-end security
Software Security Flaws Mitigation: Identify and address software security flaws and misconfigurations to enhance overall security posture. Perform code reviews and static/dynamic analysis. Languages include but not limited to Python, C++, C#, JS, Python, HCL
Security Solutions Development: Develop and implement custom security solutions, minimizing reliance on paid services. Create security automation scripts and integrate security tools into CI/CD pipelines.
Automating Security Test Functions: Develop and implement automated dynamic security testing functions to ensure continuous security validation.

Preferred Qualifications

Master’s degree in Computer Science or relevant field of study.
Cyber related certifications such as CompTIA CySA+,, CISSP, CHFI, OSCP.
Experience in digital forensics.
Working experience within a DevSecOps environment.

Steve

IT Services | Development | Staffing

URL: http:/www.sidramtech.com | Email: Steve@sidramtech.com

Direct: 470-208-7308

Led by 25+ Years of Industry Experience

E-Verify® is a registered trademark of the U.S. Department of Homeland Security.

SIDRAM TECHNOLOGIES participates in the Employment Eligibility Verification Program (E-Verify) offered by USCIS.

www.dhs.gov/E-Verify