DevSecOps Application Security Lead Engineer - Remote

Overview

The DevSecOps Application Security Lead Engineer at Cencora is a key role focused on enhancing application and API security within the DevOps pipeline, requiring an experienced security professional to integrate security throughout the software development lifecycle.

In Short

• Incorporate security measures into every stage of the DevOps pipeline.
• Implement and maintain controls in the CI/CD pipeline.
• Conduct routine security checks using automated tools.
• Collaborate with development, operations, and security teams.
• Develop policies aligned with regulations and conduct security assessments.
• Educate teams on secure coding practices.
• Manage incident response protocols.
• Evaluate third-party services for security weaknesses.
• Conduct research to analyze security weaknesses.
• Mentor junior engineers in security practices.

Requirements

• Bachelor's or Master's degree in Computer Science or Cybersecurity.
• Six or more years of relevant experience in information security.
• Hands-on development experience with a strong understanding of secure coding.
• Experience in vulnerability management and API security.
• Proficient in using Checkmarx One and Veracode.
• Experience with SAST, DAST, and IaC security.
• Strong collaboration skills with global teams.
• Advocate for security in the development process.
• Familiarity with various security testing methodologies.
• Certifications like OSCP, CEH, or CISSP are a plus.

Benefits

• Comprehensive medical, dental, and vision care.
• Support for working families including backup care and adoption assistance.
• Paid parental and caregiver leave.
• Training programs and professional development resources.
• Opportunities for mentorship and volunteer activities.