Application Security Engineer - DevSecOps

JSR Tech Consulting is working with our direct Fortune 100 client to place an Application Support Engineer for a contract/contract to hire opportunity in the NYC metro area. Qualifications, Skills & ExperienceSkills: Experience with Application Security Testing - DAST/SAST/open-source Familiar with Jenkins based CI/CD Pipelines Working experience to implement and test automation scripts and setups Familiar with integrating security tools and providing vulnerability assessments. Leveraging tools such as Burp Suite Enterprise, Checkmarx, NowSecure, OWASP ZAP Understanding of OWASP Top 10 and SANS Top 25 vulnerabilities and how to remediate Working knowledge of using API to interact with web services provided by tools Conduct tool evaluations and build proof of concepts Integrate with reporting tools to provide consolidated view Ability to turn technical standards into working practice Assist in driving consistency and standardization of DevSecOps services across the enterprise Strong Automation, IaC skills (Ansible, Python). Maintain documentations and user guides Knowledge of security within cloud environment, especially around networking, security and administration A motivated and flexible approach to work in an adapting fast-moving Agile environment utilizing technology and tools such as Jira, Jira Align, Miro, Confluence. Can demonstrate strong performance ethos and personal commitment for outstanding customer service Ability to interface with both technical and non-technical teams Willingness to train and upskill on a continuous basis Excellent communication, time management and organizational skillsQualifications & Experience: Should be educated to degree Level in Digital Forensics, Information Security, DevOps or an IT related discipline Should hold relevant industrial security / DevSecOps / DevOps certifications, or willingness to acquire Provide security services and support for multiple LOBs. Interact directly with onshore and offshore team members to perform DevSecOps services. Will be responsible for implementing, integrating, and testing of security scan automation features in CI/CD pipelines