Application Security Engineer

HireXtra Inc
Contract
Remote
United States
$60 - $65 USD hourly

1. Security Assessment Reviews:

  • Review and approve SAST, DAST, and SCA testing results for applications within our build pipelines.
  • Provide remediation guidance to application development teams.
  • Onboard new applications to security testing.

2. Sonatype Lifecycle and Nexus Firewall:

  • Monitor, triage, assign, and report Sonatype-identified CVEs detected within our codebase.
  • Assist Azure developers, data scientists, and actuaries with the implementation of Nexus Firewall to prevent malicious or non-compliant components from being introduced to local repositories.
  • Conduct regular Nexus Firewall audits to ensure no malicious components have bypassed the firewall.
  • Integrate Sonatype-identified vulnerabilities into the aggregation and reporting performed by our ASOC tooling on our application portfolio.

Qualifications

  • Proven experience in application security, including SAST, DAST, and SCA testing.
  • Strong development background in Java or .NET applications.
  • Experience with Sonatype Lifecycle and Nexus Firewall management.
  • Strong problem-solving skills and attention to detail.
  • Excellent communication and collaboration skills.