Security Engineer (Application Security, DevSecOps)

Job Summary

This role involves collaborating with different teams to develop and maintain secure cloud architectures in line with best practices. It includes setting up continuous asset monitoring, administering security controls across cloud infrastructure, and implementing secure practices in development lifecycle and containerization platforms. The role also requires developing automated security tools for integration into the CI/CD pipeline, conducting regular security testing and vulnerability scanning, and assessing data flows for potential security risks. Furthermore, the role involves providing guidance to other teams, managing vulnerability resolution, and participating in incident response efforts. Understanding of secure software development practices and DevSecOps methodologies.

Job Requirements
• Experience in security engineering and DevSecOps.
• Lead and oversee all aspects of the Secure Software Development Lifecycle.
• Implement and manage security tools within the CI/CD pipeline, focusing on DevSecOps practices.
• Conduct threat modeling, design, and architectural reviews to identify potential risks.
• Support third-party penetration testing by analyzing vulnerabilities and assessing their potential impact and exploitability.
• Possess a foundational understanding of web application security.
• Demonstrate strong knowledge of cloud computing platforms like AWS, Azure, GCP and their associated security services and features.
• Experience with SAST, SCA, and DAST, with the ability to address real-world challenges in these areas.
• Understand runtime security, image scanning, network security, access control, host OS hardening, and vulnerability management in the container lifecycle.
• Knowledgeable in Kubernetes and the implementation of best practices.
• Proven expertise in using Terraform and other infrastructure as code tools, managing vulnerabilities, policies and implementing best practices.
• Handle vulnerability management for images.
• Adaptable and capable of exploring various products with a wide range of tools and pipelines.
• Familiarity with CI/CD tools such as GitHub Actions, Jenkins or TeamCity.
• Stay informed about emerging security threats and technologies, offering recommendations for security enhancements.
• Experience in automating security controls.
• Understanding of networking and communication protocols like TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS, BGP.
• Proficiency in scripting or programming languages like Python, Gol, Ruby for security automation and integration.

Education
• Required 4 years of experience in the security domain.
• Bachelor's degree in computer science, Information Security, or a related field.

At NetApp, we embrace a hybrid working environment designed to strengthen connection, collaboration, and culture for all employees. This means that most roles will have some level of in-office and/or in-person expectations, which will be shared during the recruitment process.

Equal Opportunity Employer

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all laws that prohibit employment discrimination based on age, race, color, gender, ****** orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, and any protected classification.

Did you know...

Statistics show women apply to jobs only when they're 100% qualified. But no one is 100% qualified. We encourage you to shift the trend and apply anyway! We look forward to hearing from you.

Why NetApp?

We are all about helping customers turn challenges into business opportunity. It starts with bringing new thinking to age-old problems, like how to use data most effectively to run better - but also to innovate. We tailor our approach to the customer's unique needs with a combination of fresh thinking and proven approaches.

We enable a healthy work-life balance. Our volunteer time off program is best in class, offering employees 40 hours of paid time off each year to volunteer with their favourite organizations. We provide comprehensive benefits, including health care, life and accident plans, emotional support resources for you and your family, legal services, and financial savings programs to help you plan for your future. We support professional and personal growth through educational assistance and provide access to various discounts and perks to enhance your overall quality of life.

If you want to help us build knowledge and solve big problems, let's talk.