.. Jmeter Monitoring – CA Wily, Splunk, New Relic, automation testcases and execution Proficient in Web/HTTP, web services protocols End to end analysis of Performance bottlenecks Should be able to work as Individual Contributor Nice to have Worked in CI/CD environment Strong hands on experience in any .. read more
Prevent issues from becoming incidents. As a DevSecOps Engineer , you will be part of a motivated security engineering team responsible for ensuring that Qualys products are built to the highest levels of security and trust. This is a senior role for an engineer with a passion for security, supporting developers, and building trustworthy automation. About Product Security at Qualys The Product Security team operates differently. Our mission is to enable continuous improvement across the lifecycle of our product portfolio, so that Qualys can ensure the highest standards of verifiable security, trust, and compliance. Our function is to build a secure SDLC, uphold quality management objectives, and ensure predictable outcomes for customers, our company, and attackers. We find and resolve problems early, working in-line with development. This allows us to reduce friction, increase release velocity, all while keeping security front of mind and at your fingertips. Responsibilities Security Integration: Collaborate with development teams to integrate security practices throughout the SDLC. Toolchain Management: Lead the security administration of a modern enterprise DevSecOps toolchain and ensure that each capability operates as intended and performs as expected. Automation: Design, implement, maintain, and continuously improve automated security testing, compliance checks, and CI/CD pipelines. Security Policies: Develop and define CI/CD security policies that ensure the security of Qualys products is responsive to the evolving tactics, techniques, and procedures of attackers. Supply Chain Security: Lead efforts to harden CI/CD pipelines and builds, apply digital signing, and ensure provenance of packages. Apply policies and automation to packages from critical suppliers and OEMs to Qualys. Vulnerability Management: Identify, assess, and prioritize vulnerabilities in software applications, infrastructure, and dependencies. Drive remediation strategy collaboration. Infrastructure as Code: Ensure that provisioning and configuration management capabilities enforce continuous scanning and immutable security configurations. Container Security: Ensure that containerized applications, utilizing tools like Docker and base images address key security risks through immutable security configurations. Kubernetes Security: Ensure an effective K8s security architecture Pod Security Policy Administration, Service Mesh Security, Container Image Security, Network Security, and RBAC policies. Collaboration: Foster a culture of collaboration between development, operations, and security teams, ensuring a shared responsibility for security. Documentation: Create and maintain documentation for security processes, policies, and procedures. Work with leadership to drive engagement through the Security Champions program. Qualifications Experience with CI pipeline creation for implementing Secure SLDC controls in major CI agents like Jenkins, Concourse, GitHub, etc. Expertise in Terraform (HCL), Kubernetes, Docker, and cloud-native security administration. Experience enforcing security policies on SCM such as GitHub, Bitbucket. Skilled in assessing and improving pipeline workflow, scan optimizations, and feedback loops. History of authoring, implementing, and maintaining SAST, SCA, Binary, IaC, and Container security policies in stand-alone as well as in CI pipeline. Experience in secret detection enablement in CI pipeline. Proven ability to write scalable Ansible and Terraform scripts for security configurations. Bonus Points You understand that DevOps is both a craft and a culture. You work well across teams, across time zones Understanding of SLSA You enjoy making jokes about SBOMs