DevSecOps Application Security Engineer

Infosys•Atlanta, GA

About The Position

In the assigned Job Role of Infrastructure Consultant 2, your Area Of Responsibility will be as below: * Collaborate with internal and client teams to resolve complex incidents, conduct root cause analyses, and document findings with preventive recommendations * Participate in evaluation of client IT infrastructure, prepare actionable assessment reports, and support due diligence to document infrastructure maturity and improvement opportunities * Contribute to the design of scalable, cost-effective IT infrastructure solutions, review reusable components, and develop technical documentation for deployed systems * Align release schedules and environment readiness, execute deployments as per protocols, perform post-deployment testing, and manage version control to track changes * Co-ordinate maintenance schedules, emergency fixes, and technology upgrades while ensuring uninterrupted integration into existing systems and processes * Facilitate performance data analysis across systems, coordinate insights on system behavior, and support capacity planning to optimize performance * Conduct security checks, recovery drills, and compliance audits, implement security measures, and coordinate continuity plans to maintain adherence to standards * Gather feedback to identify automation opportunities, analyze existing infrastructure processes, and propose enhancements for efficiency gains * Act as liaison with onsite, offshore, and vendor teams to document project requirements, ensuring effective collaboration * Develop a centralized repository of technical and procedural knowledge, leveraging insights from other projects to drive efficiency and retain organizational expertise Your contribution to the team: * A collaborative spirit and excellent communication skills. * Ability to handle complex incidents and implement resolutions * A knack for conducting IT infrastructure assessment and identifying key optimization opportunities * Focused approach towards deployment management, system optimization, and process automation initiatives including sector specific focus * The ability to work with cross-functional teams

Requirements

Application Security Testing: Conduct SAST/SCA using GHAS and DAST using Burp Suite; validate and classify vulnerabilities aligned with OWASP.
DevSecOps & Integration: Integrate GHAS into CI/CD, automate scans across SDLC, configure policies, reduce false positives, and enable shift-left security with development teams.
Vulnerability Management: Analyze findings, provide remediation guidance, track vulnerabilities through lifecycle, and support risk-based prioritization.
Reporting & Stakeholder Management: Prepare technical and executive reports, communicate findings with stakeholders, and support audits, compliance, and AppSec initiatives.
Bachelor’s degree or foreign equivalent required from an accredited institution. Will also consider three years of progressive experience in the specialty in lieu of every year of education.
Candidates authorized to work for any employer in the United States without employer-based visa sponsorship are welcome to apply.
Infosys is unable to provide immigration sponsorship for this role now or in the future.

Nice To Haves

Security Advisory & Review: Conduct secure code reviews and architecture level assessments; Coordinate with development teams on secure coding and mitigation strategies.
Knowledge Of: SDLC and DevSecOps practices, microservices/API/cloud security, strong analytical/problem-solving skills, and stakeholder communication/consulting experience.
Exposure to SAST (Fortify, SonarQube), DAST (Netsparker, Fortify on Demand), and SCA (BlackDuck, Dependabot) tools
Certifications: CEH, OSCP, GWAPT, CSSLP, CISSP
Experience in threat modeling and architecture reviews

Responsibilities

Collaborate with internal and client teams to resolve complex incidents, conduct root cause analyses, and document findings with preventive recommendations
Participate in evaluation of client IT infrastructure, prepare actionable assessment reports, and support due diligence to document infrastructure maturity and improvement opportunities
Contribute to the design of scalable, cost-effective IT infrastructure solutions, review reusable components, and develop technical documentation for deployed systems
Align release schedules and environment readiness, execute deployments as per protocols, perform post-deployment testing, and manage version control to track changes
Co-ordinate maintenance schedules, emergency fixes, and technology upgrades while ensuring uninterrupted integration into existing systems and processes
Facilitate performance data analysis across systems, coordinate insights on system behavior, and support capacity planning to optimize performance
Conduct security checks, recovery drills, and compliance audits, implement security measures, and coordinate continuity plans to maintain adherence to standards
Gather feedback to identify automation opportunities, analyze existing infrastructure processes, and propose enhancements for efficiency gains
Act as liaison with onsite, offshore, and vendor teams to document project requirements, ensuring effective collaboration
Develop a centralized repository of technical and procedural knowledge, leveraging insights from other projects to drive efficiency and retain organizational expertise
Conduct SAST/SCA using GHAS and DAST using Burp Suite; validate and classify vulnerabilities aligned with OWASP.
Integrate GHAS into CI/CD, automate scans across SDLC, configure policies, reduce false positives, and enable shift-left security with development teams.
Analyze findings, provide remediation guidance, track vulnerabilities through lifecycle, and support risk-based prioritization.
Prepare technical and executive reports, communicate findings with stakeholders, and support audits, compliance, and AppSec initiatives.
Conduct secure code reviews and architecture level assessments; Coordinate with development teams on secure coding and mitigation strategies.