Senior DevSecOps Engineer

職務概要

- Conduct manual and automated secure source code reviews in platforms such as Kotlin, Node.js, Android, iOS, and Python. - Perform mobile application penetration testing to identify and remediate vulnerabilities in Android and iOS apps. - Perform penetration testing on APIs, GraphQLs, and web interfaces to uncover and mitigate risks. - Conduct threat modelling and establish threat profiles to identify, quantify, and mitigate application security risks. - Collaborate with development, infrastructure, and networking teams to deliver secure application solutions. - Review and secure mobile and web APIs (REST, SOAP), ensuring proper SSL/TLS implementation. - Integrate security testing into CI/CD pipelines using tools such as GitHub Actions. - Use SAST/SCA/DAST tools to identify and remediate vulnerabilities. - Apply industry best practices including OWASP Top 10 for web, mobile, APIs, and OWASP ASVS. - Contribute to the development and enforcement of internal application security standards and policies. - Stay current with emerging threats, vulnerabilities, and security technologies, including AI-related security risks and defences. - Perform and automate BAU application security, offensive security, and vulnerability management tasks.