Application Security Consultant

Chicago, IL, United States

About Client:

The Client is a leading global IT services and consulting company, providing a wide range of services to clients in various industries, including banking, financial services, retail, manufacturing, healthcare, and more. It is one of the largest employers in the IT industry and has a vast and diverse workforce. The company places a strong emphasis on employee training and development. Client is known for its commitment to innovation and invests in research and development to stay at the forefront of technological advancements.

It offers a comprehensive set of services, including:

IT Services: Application development, maintenance, and testing.

Consulting: Business consulting, IT strategy, and digital transformation.

Business Process Outsourcing (BPO): Outsourcing of business processes to improve efficiency.

Enterprise Solutions: Implementation and support of enterprise-level software solutions. Digital Services: Services related to digital technologies, such as analytics, cloud, and IoT.

Salary Range: $110K-$150K/Annum

Job Description:

Strong knowledge with DevOps tools and technologies, such as Jenkins, Docker, Kubernetes, and Ansible

Experience in designing and implementing pipelines, build management scripts

Solid experience working with and integrating automated security tools into CI/CD pipelines

Solid experience in integrating external tools or products with pipelines

Ability to scale security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques

Experience in integrating SAST (SonarQube or any SAST) & SCA tools to CI/CD pipelines

Solid understanding on Container technologies (Docker, Kubernetes) and scanning the containers

Hands-on technical knowledge of Vulnerability/compliance, Secure Coding

Strong knowledge on Python and BASH scripting

Proven experience in software development, IT operations, or a similar role

Strong analytical and problem-solving skills

Ability to validate and articulate all vulnerabilities identified in the composition scans.

Interpret vulnerability data, communicate business impact and remediation actions to the technical teams and business leaders

Design and produce customized reports on an as needed basis

Ability to build Standard Operating Procedures (SOPs) capturing the technical details and nuances

Experience Required: Experience with Automated Security Scanning tools like "Snyk"

Strong technical knowledge of secure engineering principles

Experience in implementing Terraform scripts for IaC

Experience in assessing current systems and processes, and developing ways to improve them

Conduct, coordinate and perform application vulnerability assessments (dynamic & static) through the use of automated and manual tools

Experience with cloud platforms, such as AWS, Azure

Proven ability to communicate technical issues to technical and non-technical audience; ability to work effectively as part of remediation teams

Knowledge and understanding of full life cycle application development

Roles & Responsibilities : In this role, you will be responsible to implement or customize CI/CD pipelines to integrate the Snyk to perform SAST, SCA, Container Scan and IaC Scans.

Configuring the trigger criteria, triggering, setting up SAST Quality gates, configuring build criteria etc.

The responsibilities of this role does include analyzing the Vulnerabilities for false positives, offer remediation guidance and build SOPs that help customer to expedite the resolution of vulnerabilities.

About ApTask:

ApTask is a leading global provider of workforce solutions and talent acquisition services, dedicated to shaping the future of work. As an African American-owned and Veteran-certified company, ApTask offers a comprehensive suite of services, including staffing and recruitment solutions, managed services, IT consulting, and project management. With a focus on excellence, collaboration, and innovation, ApTask provides unparalleled opportunities for professional growth and development. As a member of the ApTask team, you will have the chance to connect businesses with top-tier professionals, optimize workforce performance, and drive success across diverse industries. Join us at ApTask and be part of our mission to empower organizations to thrive while fostering a diverse and inclusive work environment.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.

Candidate Data Collection Disclaimer:

At ApTask, we prioritize safeguarding your privacy. As part of our recruitment process, certain Personally Identifiable Information (PII) may be requested by our clients for verification and application purposes. Rest assured, we strictly adhere to confidentiality standards and comply with all relevant data protection laws. Please note that we only collect the necessary information as specified by each client and do not request sensitive details during the initial stages of recruitment.

If you have any concerns or queries about your personal information, please feel free to contact our compliance team at [email protected]