DevSecOps & Application Security Analyst

1 week ago


Saint-Laurent, Canada CAE Inc. Full time

About This Role

We are seeking a dynamic security professional who not only can lead vulnerability management efforts but who also thrives on integrating security into every stage of the software development lifecycle. In this role, you will serve as both an individual contributor and a vital team player, championing the adoption of DevSecOps best practices. You will leverage GitHub Advanced Security to safeguard our code and Microsoft Sentinel SIEM to continuously monitor and respond to threats across our environment. If you’re passionate about marrying development and security and driving proactive risk remediation, we want to hear from you.

Key Responsibilities

Vulnerability Management & Remediation:
- Coordinate and manage timely remediation of security vulnerabilities across a variety of technologies and platforms.
- Identify, resolve, and document false positives within vulnerability assessment results.
- Oversee weekly, monthly, and ad hoc vulnerability assessments on servers, endpoints, network assets, public-facing systems, and databases using tools like Rapid7, Burp Suite, GHAS and Qualys.
- Manage scan configurations—including asset grouping, updating scan templates and engine pools, and scheduling scans—and troubleshoot issues such as authentication failures or asset misconfigurations.

Tool & Process Integration:
- Deploy and maintain comprehensive vulnerability management tools (e.g., Qualys, Rapid7 architecture, scan engines, collector servers, agents, and query builders).
- Collaborate with vendors and internal teams to ensure seamless tool integrations, support ticket management, and continuous improvement of scanning processes.

DevSecOps Implementation:
- Integrate security practices into CI/CD pipelines by embedding automation and agile scanning tools throughout the development lifecycle.

GitHub Advanced Security:
- Utilize GitHub Advanced Security to perform code scanning and ensure that vulnerabilities are identified and communicated early in the development cycle.
- Collaborate closely with development teams to remediate issues identified by GitHub Advanced Security and to implement best practices for secure coding.

Security Monitoring with Microsoft Sentinel SIEM:
- Utilize Microsoft Sentinel SIEM for continuous security monitoring by configuring alerts, correlating log data, and analyzing potential security incidents.
- Investigate alerts and security incidents, providing detailed documentation and remediation action plans.

Collaboration & Stakeholder Engagement:
- Coordinate with core network, endpoint, and server teams to address patching priorities, target patch levels, and specific CVEs associated with identified vulnerabilities.

Compliance & Continuous Improvement:
- Demonstrate hands-on expertise with DAST, SAST, and SCA tools while continuously seeking opportunities to refine and enhance overall security posture.

Required Skills & Qualifications

Experience:
- Minimum of 3 years of direct experience handling vulnerability management tools (Rapid7, Burp Suite, GHAS, Qualys, Azure DevSecOps, Microsoft Sentinel, etc.) and 5 to 8 years in the information security domain.
- Proven track record in implementing and managing DevSecOps practices across development pipelines.

Technical Expertise:
- Strong working knowledge of vulnerability assessments, scan configurations, and management of related tools.
- Demonstrated expertise with GitHub Advanced Security for code vulnerability scanning and remediation.
- Proficiency in leveraging Microsoft Sentinel SIEM for threat monitoring, event correlation, and incident response.

Certifications (required):
- Certified Ethical Hacker
- Rapid7 Certified Administrator
- Qualys Certification
- Azure DevSecOps
- Microsoft Certified: Cybersecurity Architect Expert
- GitHub Advanced Security Certification
- Additional certifications such as Security+ or ITIL are advantageous; relevant DevSecOps credentials are a plus.

Additional Attributes:
- Excellent teamwork and communication skills with a proactive mindset geared toward continuous process improvement.
- Capacity to effectively collaborate with cross-functional teams, vendors, and business unit owners while driving results in a fast-paced environment.

Why Join Us?

In this pivotal role, your expertise in both traditional vulnerability management and modern DevSecOps practices will directly influence our security posture. By embedding advanced tools like GitHub Advanced Security and Microsoft Sentinel SIEM into our daily operations, you will play a critical role in fortifying our digital infrastructure while fostering a culture of proactive security.

If you’re driven to innovate at the intersection of development and security, eager to lead cutting-edge initiatives, and ready to make a lasting impact, we encourage you to apply.

Position Type

Regular

CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements


