AppSec Engineer - Los Angeles, United States - Motion Recruitment Partners LLC

Description

AppSec Engineer / Pipeline Security / DevSecOps

Los Angeles, California

Open to Remote

Contract

$80/hr - $85/hr

My client is a top streaming company and they are looking for an application pipeline security engineer/DevSecOps to help lead and execute various Application Pipeline Security initiatives and build robust automation frameworks.

Responsibilities:

Work with the various BU stakeholders who manage code pipelines to ensure they are including our security testing and tools in those pipelines.

Document and inventory engineering pipelines, pipeline owners, and communicate our standards and minimum-security requirements to them.

Create processes that are adaptable to evolving technologies and conduct Proof of Concept (POC)/Proof of Value (POV) exercises for application security.

Enforce pipeline requirements:
Ensure that secure pipeline best practices are being followed by developers (encrypt

environment variables when possible, proper secrets management, etc.)

Ensure all source code is onboarded and being tested for security vulnerabilities with current

company SAST/secret scanning solution.

Ensure that container security agents are deployed to application infrastructure in dev, staging, and production.

Ensure that logging/endpoint security agents are deployed in pipelines. The Logging and

Endpoint Leads will work directly with stakeholders on actual deployments and training.

Ensure that applications are protected by WAF (Akamai, Signal Science, AWS WAF, )

Ensure that applications are onboarded into DAST platform.

Ensure that critical applications are added to the Pen Testing queue.

Work closely with SAST/DAST/Container Security/CSPM platform leads.

Work with broader teams on tagging/automations for critical applications. This is more process or standards based than hands on.

Develop strategies and coordinate with stakeholders on remediation prioritization.

Mobile Application Security Testing



Qualifications:
5+ years of Application Security and software development experience required.

Experience with Vulnerability Management

Experience with SAST and DAST remediation

Experience with Container Scanning remediation

Experience with Sensitive Credential scanning in a SCM system.

Experience with Mobile Security remediation

Additional

Qualifications:
Experience driving projects with minimal supervision.

Goal driven individual with good technical, interpersonal, communication, and organizational skills.

Embraces and fosters "innovation" by working on new things in new ways every day.

Acts as an Information Security domain authority and is comfortable interacting with employees at all levels and roles

You will receive the following benefits:
Medical Insurance - Four medical plans to choose from for you and your family

Dental & Orthodontia Benefits

Vision Benefits

Health Savings Account (HSA)

Health and Dependent Care Flexible Spending Accounts

Voluntary Life Insurance, Long-Term & Short-Term Disability Insurance

Hospital Indemnity Insurance

401(k) including match with pre and post-tax options

Paid Sick Time Leave

Legal and Identity Protection Plans

Pre-tax Commuter Benefit

529 College Saver Plan

Motion Recruitment Partners is an Equal Opportunity Employer, including Veterans/Disability/Women.

All applicants must be currently authorized to work on a full-time basis in the country for which they are applying, and no sponsorship is currently available.

Accommodation will be provided in all parts of the hiring process as required under Motion Recruitment Employment Accommodation policy. Applicants need to make their needs known in advance.


Posted by:
John Bellon


Specialization:
Red Team