Associate DevSecOps Engineer

Associate DevSecOps Engineer

Wilmington, DE

Monday - Friday 8:00 - 5:00 

Onsite/Hybrid

Some of the things you'll be doing: 

• Provide expertise in the DevSecops ,specializing in web application security, SCA, SAST, and DAST services
• Developing Policies to protect web application and API’s from malicious payload attacks, provide virtual patching capabilities and validation with Security Testing.
• Assist in developing an automated security framework for robust deployment tools and processes, leveraging various scripting languages and open-source solutions.
• Manage and maintain Web Application Firewall (WAF) inventory, ensuring effective configuration, monitoring, and reporting.
• Contribute to observability initiatives by integrating security telemetry, dashboards, and alerts into monitoring systems.
• Explore and apply AI-driven security solutions for anomaly detection, threat prediction, and automated remediation.Help evolve CSC’s application security functions and services.
• Identify security exposures and develop mitigation plans.
• Identify, report and fix technical debt.
• Assist Senior Application Security on all application security activities.
• Be productive and participate in security initiatives with minimal supervision.
• Experience with SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), and IaC (Infrastructure as Code) tools.
• Experience with data visualization tools (e.g., Power BI).
• Familiarity with securing architecture, APIs, and web applications.
• Knowledge of common and emerging security threats.
• In-depth knowledge of security best practices.
• Exceptional analytical aptitude and attention to detail.
• Excellent communication skills.
• Fast learner / a strong willingness to learn.
• Good team player who is self-motivated and well organized.

What technical skills, experience, and qualifications do you need?

• 0-2 years of experience in an Application Security or related position.
• Familiarity in designing, implementing solutions like SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), and IaC (Infrastructure as Code) tools.
• Familiarity with Information Security frameworks/standards (e.g., CIS, NIST, RFC2196).
• Familiarity with common security libraries, security controls, and common security flaws.
• Strong troubleshooting and problem-solving mindset.
• Exposure or familiarity with Python, PowerShell, and/or Bash.
• Experience with SQL databases.
• Familiarity with securing cloud environments and knowledge of cloud platforms.
• Understanding the application development process.
• Understanding DevSecOps principles and practices.Familiarity with DevSecOps ecosystem: Terraform, Ansible, GitHub, Jenkins, Azure DevOps, SAST, DAST & SCA
• Knowledge of Cloud & Kubernetes Resource Security, Secure Network and Architecture, SDLC standard and policies.
• Familiarity with Web App Protection AWS and Azure App Protection Policy, Configuration, and Security Management tools
• Expertise in Programming languages Python, NodeJS, SQL query and Vulnerable Code remediation. 
• Stay up to date with the latest application security threats and trends.
• Understanding of observability tools and practices (e.g., logging, metrics, tracing) to enhance security visibility.
• Interest in leveraging AI/ML techniques for proactive security monitoring and threat detection.

#CSC #CSCCareers #LI-HL1