
Security Operations Support
Elfonze Technologies
full-time
Posted on:
Location Type: Remote
Location: India
About the role
- Deep technical knowledge of the OWASP Top 10, Cloud Security Posture Management (CSPM), CVSS scoring, and software supply chain security.
- Lead DevSecOps Advocacy and Training: Provide clear guidance to Engineering and Product teams to foster a culture of shared security responsibility.
- Embed Security into CI/CD Pipelines: Partner with DevOps teams to integrate "shift-left" controls, quality gates, and automated security testing (SAST/SCA/IaC) into actions.
- Build DevSecOps Dashboards and Reporting: Develop executive-level KPIs/KRIs covering vulnerability aging, MTTR (Mean Time to Remediate), pipeline pass/fail rates, and measurable risk reduction across the enterprise.
- Own software supply chain security (SCA): Utilize JFrog Xray for policy enforcement, including vulnerable dependency detection, license governance, and automated blocking of malicious components within the artifact repository.
- Drive Static Analysis (SAST) and Code Quality: Use SonarQube to partner with development teams, reducing critical/high findings and implementing sustainable coding standards that are integrated directly into the developer's IDE and pull request workflow.
- Conduct Dynamic Testing (DAST): Coordinate testing using Burp Suite to validate exploitability and reproduce issues, while working to automate baseline DAST scans within the CI/CD pipeline.
- Lead the end-to-end vulnerability lifecycle: discovery, triage, risk assessment, prioritization, remediation tracking, validation, and closure across Azure cloud environments.
- Operate and optimize Microsoft Defender for Cloud (Azure Defender) and Defender for Endpoint: Improve cloud security posture, reduce misconfigurations, and drive remediation across compute, networking, storage, identity, and container workloads (AKS/OCR).
Requirements
- 5-7 years of application security and vulnerability management experience
- Certifications (one or more highly preferred):
  - CEH
  - OSCP
  - CSSLP
  - GWAPT
Benefits
- Health insurance
- 401(k)
- Flexible work hours
- Paid time off
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
OWASP Top 10, Cloud Security Posture Management, CVSS scoring, software supply chain security, DevSecOps, SAST, SCA, IaC, Static Analysis, Dynamic Testing
Soft Skills
leadership, communication, collaboration, guidance, advocacy
Certifications
CEH, OSCP, CSSLP, GWAPT