$90K - 130K a year
Implement, operationalize, and troubleshoot SAST tools within CI/CD pipelines while ensuring application security throughout the SDLC.
3-5 years of security engineering experience with proficiency in SAST tools, CI/CD processes, software engineering, scripting, and application security best practices.
Required Experience:
• Proficiency with the implementation, operationalization, and troubleshooting of Static Application Security Testing (SAST) tools such as Semgrep, Snyk, CodeQL, Checkmarx, Veracode, etc.
• Understanding of Continuous Integration / Continuous Delivery (CI/CD) pipeline tools and processes (e.g. GitHub Actions, GitLab Runners, Azure DevOps, Jenkins, CircleCI, etc.)
• Experience in software engineering, ideally full stack software development, including modern technologies and application architectures
• Strong scripting and automation experience using one or more programming languages
• Solid working knowledge of application security fundamentals including the OWASP Top 10, threat modeling, and implementing secure coding practices throughout the Software Development Lifecycle (SDLC)
• Excellent written and verbal communication skills

Preferred:
• Experience writing or adapting custom SAST rules (Semgrep or CodeQL)
• Familiarity with additional Application Security tools (e.g. Interactive (IAST), Dynamic (DAST) and API security, SCA, etc.)
• Familiarity with API Security tools (e.g., NoName, Traceable, Salt, Cequence)
• Practical hands-on experience validating vulnerabilities and proficiency with Burp Suite
• Strong working knowledge of Secure Development Lifecycles and experience triaging and remediating technical vulnerabilities identified by web application scanning tools
• Understanding of automated security testing approaches and tools
• Experience in building and operating security tools within CI/CD pipelines
• Experience with proactive integration of security into the development process
• Past experience as an application security practitioner or software engineer

Educational & Professional Credentials:
• Bachelor's degree in a relevant discipline or equivalent experience
• 3-5 years of security engineering experience in the Information Security industry
This job posting was last updated on 9/18/2025