Role description
Must-Have Skills
- Minimum 10-13 years' experience in DevSecOps or DevOps, along with Application Security or Security Engineering, with lead-level experience
- Expert-level CI/CD pipeline engineering — building, configuring, and optimising end-to-end security-integrated pipelines (any major CI/CD platform; GitLab CI/CD preferred)
- SAST — hands-on experience implementing and tuning static analysis tools (Semgrep preferred)
- DAST — proficiency with dynamic application security testing tools (Burp Suite and OWASP ZAP preferred)
- SCA & SBOM — experience with software composition analysis and SBOM generation/tracking (Dependency-Track, CycloneDX/CDXGen preferred)
- Secrets scanning — experience with secrets detection tools integrated into CI pipelines (Detect-Secrets preferred)
- Container & image scanning — experience with container security scanning tools (Trivy preferred)
- Vulnerability management platforms — operating centralised vulnerability aggregation and tracking platforms, managing triage, deduplication, false positive handling, and severity-based SLAs (DefectDojo preferred)
- Secrets management — experience with vault-based secrets management, rotation policies, and least-privilege enforcement (HashiCorp Vault preferred)
- Observability & security monitoring — experience with observability platforms for security log monitoring, alerting, and dashboarding (Datadog preferred)
- Sensitive data detection — hands-on experience with PII detection and redaction in application logs across production and non-production environments (Datadog Sensitive Data Scanner / SDS preferred)
- Client-side security — experience with client-side web script monitoring and protection tools (SourceDefense preferred)
- Automated dependency management — experience with automated dependency update tools, including MR review and pipeline failure triage (Dependabot or Renovate preferred)
- Infrastructure scanning — experience with infrastructure vulnerability scanning tools (Qualys preferred)
- Code quality — experience with code quality and static analysis platforms (SonarQube preferred)
- Infrastructure as Code — experience managing security configurations through IaC tools (Terraform preferred)
- Container & cloud security — strong knowledge of Docker, Kubernetes, and securing containerised workloads
- Security standards expertise — deep understanding of OWASP Top 10, CVSS scoring, CWE classification, ASVS, and secure SDLC practices
- Governance & process design — proven ability to define security policies, release criteria, RBAC models, and audit-ready documentation
- Leadership & communication — ability to influence engineering teams, present security risk assessments to stakeholders, and mentor junior security engineers
Skills
security testing, devsecops, devops, cicd pipeline
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.