Responsibilities:
SDLC Integration and AppSec Tooling
Support the day-to-day operation of application security tooling across SAST, DAST, SCA (software composition analysis), secrets detection, and container image scanning.
Help onboard new applications and repositories into AppSec tooling; configure scan policies and validate that pipelines are correctly instrumented.
Assist with tuning of detection rules and policies to reduce false positives and improve signal quality for engineering teams.
Maintain documentation, runbooks, and quick-reference guides for AppSec tooling and processes.
Findings Triage and Vulnerability Management
Triage findings from AppSec tooling — validate, prioritize by risk and exploitability, deduplicate, and route to the appropriate engineering owners.
Perform false positive validation on tooling findings — review code context, data flow, and exploitability conditions to confirm whether reported issues are genuine; document rationale for...