Senior / Staff Software Engineer - DevSecOps Security Expert (Developer)

Who We Are

About the Opportunity

What You’ll Be Doing

• Develop and maintain the DevSecOps DAST scanning engine.
• Write and optimize DAST scanning rules based on complex application scenarios, verify vulnerabilities identified by the DAST scanning engine, and ensure the accuracy of vulnerability scanning and reproduction.
• Analyze the scope and priority of identified vulnerabilities, formulate false positive suppression rules, and improve the accuracy of vulnerability identification.
• Continuously iterate the DAST engine, optimize the scanning process, improve scanning efficiency and detection rate, and enhance scanning coverage.
• Collaborate with development, operations, and security teams to support vulnerability remediation and security improvements, providing recommendations for security hardening.
• Provide technical support and training to team members, promoting best practices in security governance.

What We Look For In You

• Minimum 5 years of experience in DevSecOps or related fields.
• Familiar with the principles and practical applications of DAST, capable of handling the development and construction of the scanning engine.
• Solid proficiency in Golang and/or Java, able to write automation scripts to support vulnerability scanning, remediation, and engine optimization.
• Proficient with DAST tools (such as AWVS, Xray, Burp Suite, etc.) for vulnerability scanning, and able to customize scanning rules for specific business needs.
• Able to analyze and address false positives and false negatives in the DAST scanning engine.
• Deep understanding of microservices architecture, with familiarity in vulnerability reproduction in microservice and RPC environments.
• Familiar with common web application vulnerabilities (such as SQL injection, XSS, CSRF, file upload vulnerabilities, etc.), their principles, and remediation measures.
• Familiar with the DevSecOps process, able to integrate DAST tools and scanning engines into CI/CD pipelines.
• Strong problem analysis skills and technical documentation writing abilities, capable of analyzing vulnerability reports and providing feasible remediation solutions.
• Good communication and teamwork skills, with the ability to collaborate closely with cross-functional teams to implement security initiatives.

Nice to Haves

• Experience with other security testing tools and methodologies.
• Relevant security certifications.
• Familiarity with containerization technologies and cloud-native architectures, with practical experience in DAST scanning in cloud environments.
• Experience in DAST engine development is a plus.

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!