Job Description
Responsibilities:
SDLC Integration and AppSec Tooling
- Support the day-to-day operation of application security tooling across SAST, DAST, SCA (software composition analysis), secrets detection, and container image scanning.
- Help onboard new applications and repositories into AppSec tooling; configure scan policies and validate that pipelines are correctly instrumented.
- Assist with tuning of detection rules and policies to reduce false positives and improve signal quality for engineering teams.
- Maintain documentation, runbooks, and quick-reference guides for AppSec tooling and processes.
Findings Triage and Vulnerability Management
- Triage findings from AppSec tooling — validate, prioritize by risk and exploitability, deduplicate, and route to the appropriate engineering owners.
- Perform false positive validation on tooling findings — review code contex...