Perform code scanning, validation, tuning, and optimization using SAST, DAST, and SCA tools (e.g., Snyk, Burp Suite, SonarQube, Veracode, and Checkmarx) to ensure accurate, prioritized, and actionable remediation results.
Conduct penetration testing, code scanning, secrets management (GitGuardian), and threat modeling for business applications to determine risk ratings and prioritize the discovered vulnerabilities in line with the organization's remediation timelines.
Execute intake, triage, analysis, and reporting procedures for security assessments.
Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.
Coordinate assessment and risk analysis activities, evaluate governance processes, and recommend improvement opportunities.
Support the establishment, development, and maintenance of risk governance frameworks, risk assessment methodologies, risk met...