Sr. Security Engineer
Long Term Contract
Atlanta, GA
Sr. Application & Cloud Container Security Engineer
As an experienced security engineer, I excel at solving advanced technical problems and leveraging top-tier security tools. I thrive in collaborative environments, building strong relationships with peers, managers, and technical teams. My expertise spans application security testing, cloud security, and DevSecOps, allowing me to drive security improvements and ensure the robustness of applications.
Qualifications
- Education: B.S. in Computer Science, Computer Engineering, Information Assurance, or related field.
- Experience: 5+ years in application security, penetration testing, security assessment, or secure software development.
- Hands-on experience with Cloud (AWS, Azure, GCP) and DevSecOps technologies.
- Expertise in DevSecOps processes, including integration of tools such as GitLab/GitHub, Jenkins, SonarQube, Docker, Kubernetes, and Ansible.
- Deep understanding of AWS Well-Architected Framework or TOGAF, with proven ability to design secure solutions.
- Proficiency with cloud infrastructure, particularly within AWS.
- Strong troubleshooting skills for cloud controls and application vulnerabilities.
- Comprehensive knowledge of the OWASP Top 10 and vulnerability assessment.
- Experience integrating security capabilities into cloud and application lifecycle management platforms, especially within DevOps models.
- Proficient with static analysis and flaw triage tools (e.g., HP Fortify, Veracode, Coverity).
- Excellent communication skills, with a strong sense of urgency and ownership.
Preferred:
- Extensive experience in ethical hacking and application security exploitation.
- Strong background in secure coding practices and software development.
- Professional certifications (AWS Practitioner, CISSP, Cloud Security certifications).
Key Responsibilities
- Conduct Static (SAST), Dynamic (DAST), and Source Code Analysis (SCA) using tools like Veracode.
- Assess and review open-source components, identifying vulnerabilities and recommending security improvements.
- Integrate security practices into DevSecOps pipelines for cloud platforms like AWS, Azure, GCP.
- Design and maintain cloud-based DevSecOps processes across technical teams, securing applications and infrastructure.
- Provide operational support for container security tools such as Prisma, Aqua, Wiz, and others.
- Review and validate container images, applying security best practices to reduce risk.
- Perform security assessments for web applications, APIs, and container environments.
- Guide development teams in securely integrating applications into CI/CD pipelines (Jenkins, GitLab, Tekton).
- Develop and present remediation reports and findings to stakeholders across all departments.
- Promote awareness of secure coding practices within development teams and improve security testing methodologies.
"All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran."