DevSecOps Engineer
Description
About Apexon:
Apexon is a digital-first technology services firm specializing in accelerating business transformation and delivering human-centric digital experiences. We have been meeting customers wherever they are in the digital lifecycle and helping them outperform their competition through speed and innovation.
Apexon brings together distinct core competencies – in AI, analytics, app development, cloud, commerce, CX, data, DevOps, IoT, mobile, quality engineering and UX, and our deep expertise in BFSI, healthcare, and life sciences – to help businesses capitalize on the unlimited opportunities digital offers. Our reputation is built on a comprehensive suite of engineering services, a dedication to solving clients’ toughest technology problems, and a commitment to continuous improvement.
Backed by Goldman Sachs Asset Management and Everstone Capital, Apexon now has a global presence of 15 offices (and 10 delivery centers) across four continents.
We enable #HumanFirstDIGITAL
Role Description:
You’ll be responsible for (Responsibilities):
application security posture management, security orchestration, vulnerability & weakness assessments to improve resilience of the organization and its product portfolio.
Develop security-as-code & policy-as-code pipelines
● Manage vulnerabilities (3rd party) and weaknesses (1st party) in Client products,
evaluating the criticality for an adequate prioritization and providing the most suitable
remediation, working directly with the product teams as a trusted advisor
● Conduct vulnerability monitoring, (on-demand) vulnerability scanning and other security
testing activities
● Provide expertise to product teams and Affiliates to answer inquiries, pre-sales requests,
contract negotiations and other cybersecurity-related customer support
● Contribute to initiatives within the Diagnostic Division to achieve the integration of
defense capabilities into the development of new products and in the update/upgrade,
maintenance and support of existing products in collaboration with Product Support teams.
● Develop and automate technical workflows for investigations and assessments for cyber
security vulnerabilities and drive onboarding of new products in Vulnerability Monitoring,
and provide training to relevant stakeholders in the organization regarding Vulnerability
Handling and Incident Response.
● Develop, maintain and continuously optimize processes, playbooks and tools for
Vulnerability Monitoring, Vulnerability Management, Incident Response, Threat
Intelligence and Security Testing.
● Evangelize security and privacy developing Security Champions across departments
involved in the product development and operations
● Maintain the product security controls and awareness supporting other Chapters
(Solution Architecture, Product Support and Compliance/Privacy).
You’ll have (Qualification & Experience):
- Bachelor's Degree in related field is required.
- Requirements:
● Minimum 3 years of related work experience in SDLC & cloud ops
● Demonstrated soft skills: problem solving, leadership, communication, teamwork,
flexibility and adaptability.
● Team player, proactive, self-driven, self-motivated, solution-oriented, hands-on.
● Demonstrated experience in Cloud computing technologies, full stack deployments etc.
● Demonstrated experience in K8S, AWS or GCP, Docker and other cloud native tools
● Demonstrated experience in Jenkins/ArgoCD/Tekton or another common CI/CD tool
chain
● Demonstrated skills in Sigstore, SBOM, SLSA and secure software supply chain
management.
● Ability to develop Terraform, K8S manifests or other forms of infrastructure as code
● Ability to codify Rego or Cedar policies
● Demonstrated experience in SAST & DAST tools (Checkmarx, Snyk, Mayhem,
BurpSuite, ZAP etc)
● Demonstrated experience automating security controls (eg shell scripting, python)
● In-depth experience in managing information security and privacy risks and threat
modeling.
● In-depth experience in vulnerability handling pre and post-market launch
● In-depth experience in system and cloud infrastructure hardening
● Strong understanding of industry standards: ISO 27000 family and HITRUST
● BA/BS in Business, Information Systems, Computer Science or a related relevant area
of study is a plus
● Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others) , CEH,
CISSP, CISA, CISM, LA ISO27001.
Don’t worry if you don’t check all the boxes; we’d still love to hear from you.
Our Commitment to Diversity & Inclusion:
Did you know that Apexon has been Certified™ by Great Place To Work®, the global authority on workplace culture, in each of the three regions in which it operates: USA (for the fourth time in 2023), India (seven consecutive certifications as of 2023), and the UK.
Apexon is committed to being an equal opportunity employer and promoting diversity in the workplace. We take affirmative action to ensure equal employment opportunity for all qualified individuals. Apexon strictly prohibits discrimination and harassment of any kind and provides equal employment opportunities to employees and applicants without regard to gender, race, color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law.
You can read about our Job Applicant Privacy policy here Job Applicant Privacy Policy (apexon.com)
Our Perks and Benefits:
Our benefits and rewards program has been thoughtfully designed to recognize your skills and contributions, elevate your learning/upskilling experience and provide care and support for you and your loved ones.
As an Apexon Associate, you get continuous skill-based development, opportunities for career advancement, and access to comprehensive health and well-being benefits and assistance.
We also offer:
- Health Insurance with Dental & Vision
- 401K Plan
- Life Insurance, STD & LTD
- Paid Vacations & Holidays
- Paid Parental Leave
- FSA Dependent & Limited Purpose care
- Learning & Development