DevSecOps Application Security Engineer
Indexed description
In the assigned Job Role of Infrastructure Consultant 2, your Area Of Responsibility will be as below:
- Collaborate with internal and client teams to resolve complex incidents, conduct root cause analyses, and document findings with preventive recommendations
- Participate in evaluation of client IT infrastructure, prepare actionable assessment reports, and support due diligence to document infrastructure maturity and improvement opportunities
- Contribute to the design of scalable, cost-effective IT infrastructure solutions, review reusable components, and develop technical documentation for deployed systems
- Align release schedules and environment readiness, execute deployments as per protocols, perform post-deployment testing, and manage version control to track changes
- Co-ordinate maintenance schedules, emergency fixes, and technology upgrades while ensuring uninterrupted integration into existing systems and processes
- Facilitate performance data analysis across systems, coordinate insights on system behavior, and support capacity planning to optimize performance
- Conduct security checks, recovery drills, and compliance audits, implement security measures, and coordinate continuity plans to maintain adherence to standards
- Gather feedback to identify automation opportunities, analyze existing infrastructure processes, and propose enhancements for efficiency gains
- Act as liaison with onsite, offshore, and vendor teams to document project requirements, ensuring effective collaboration
- Develop a centralized repository of technical and procedural knowledge, leveraging insights from other projects to drive efficiency and retain organizational expertise
- A collaborative spirit and excellent communication skills.
- Ability to handle complex incidents and implement resolutions
- A knack for conducting IT infrastructure assessment and identifying key optimization opportunities
- Focused approach towards deployment management, system optimization, and process automation initiatives including sector specific focus
- The ability to work with cross-functional teams
- Application Security Testing: Conduct SAST/SCA using GHAS and DAST using Burp Suite; validate and classify vulnerabilities aligned with OWASP.
- DevSecOps & Integration: Integrate GHAS into CI/CD, automate scans across SDLC, configure policies, reduce false positives, and enable shift-left security with development teams.
- Vulnerability Management: Analyze findings, provide remediation guidance, track vulnerabilities through lifecycle, and support risk-based prioritization.
- Reporting & Stakeholder Management: Prepare technical and executive reports, communicate findings with stakeholders, and support audits, compliance, and AppSec initiatives.
- Security Advisory & Review: Conduct secure code reviews and architecture level assessments; Coordinate with development teams on secure coding and mitigation strategies.
- Knowledge Of: SDLC and DevSecOps practices, microservices/API/cloud security, strong analytical/problem-solving skills, and stakeholder communication/consulting experience.
- Exposure to SAST (Fortify, SonarQube), DAST (Netsparker, Fortify on Demand), and SCA (BlackDuck, Dependabot) tools
- Certifications: CEH, OSCP, GWAPT, CSSLP, CISSP
- Experience in threat modeling and architecture reviews
- Bachelor’s degree or foreign equivalent required from an accredited institution. Will also consider three years of progressive experience in the specialty in lieu of every year of education.
- This position may require relocation and/or travel to work/project location.
- Candidates authorized to work for any employer in the United States without employer-based visa sponsorship are welcome to apply. Infosys is unable to provide immigration sponsorship for this role now or in the future.
- Medical/Dental/Vision/Life Insurance
- Long-term/Short-term Disability
- Health and Dependent Care Reimbursement Accounts
- Insurance (Accident, Critical Illness , Hospital Indemnity, Legal)
- 401(k) plan and contributions dependent on salary level
- Paid holidays plus Paid Time Off
EEO
Infosys provides equal employment opportunities to applicants and employees without regard to race; color; sex; gender identity; sexual orientation; religious practices and observances; national origin; pregnancy, childbirth, or related medical conditions; status as a protected veteran or spouse/family member of a protected veteran; or disability.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search