
DevOps AppSec, Security Engineer
GXA
contract
Posted on:
Location Type: Remote
Location: Remote • 🇵🇰 Pakistan
Job Level
Mid-Level, Senior
Tech Stack
Azure, SOAP
About the role
- Guide developers and engineers on secure coding standards and practices.
- Perform code reviews and static/dynamic analysis to identify vulnerabilities.
- Integrate security tools into CI/CD pipelines for automated scanning and compliance.
- Design and implement authentication, authorization, and encryption for APIs and applications.
- Assess and remediate risks in REST/SOAP integrations, data pipelines, and custom applications.
- Collaborate with the vISM and Security Team to manage vulnerability identification, tracking, and remediation across applications and infrastructure.
- Coordinate and support penetration testing activities, including scoping, execution, and remediation of findings.
- Conduct security assessments for new and existing systems, documenting risks and recommending mitigation strategies.
- Develop and maintain threat models for applications and infrastructure.
- Respond to security incidents, perform root-cause analysis, and document lessons learned.
- Support compliance initiatives (e.g., GDPR, HIPAA, PCI-DSS) and assist with audit preparation and evidence collection.
- Build and maintain security automation scripts and workflows (e.g., for vulnerability scanning, alerting, and compliance checks).
- Integrate security monitoring into Azure Pipelines, Data Factory, and related services.
- Maintain comprehensive security documentation, diagrams, and operational procedures.
- Work with Business Analysts to translate security requirements into actionable specifications.
- Educate stakeholders on security risks, trade-offs, and mitigation strategies.
- Participate in client meetings to address security concerns and present solutions.
Requirements
- Proficiency in secure coding, application security frameworks (OWASP, NIST), and vulnerability management.
- Experience with security tools (SAST, DAST, dependency scanning, SIEM).
- Strong understanding of authentication, authorization, and encryption protocols.
- Familiarity with CI/CD pipelines, Azure DevOps, and security automation.
- Experience with penetration testing methodologies and remediation processes.
- Ability to investigate, respond to, and remediate security incidents.
- Skill in root-cause analysis and forensic investigation.
- Ability to explain technical security concepts to non-technical stakeholders.
- Experience working with cross-functional teams (engineering, business analysis, operations, security).
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
secure coding, application security frameworks, vulnerability management, authentication protocols, authorization protocols, encryption protocols, penetration testing methodologies, root-cause analysis, forensic investigation, security assessments
Soft skills
collaboration, communication, stakeholder education, problem-solving, analytical thinking, technical explanation, cross-functional teamwork, risk assessment, documentation, incident response