Looking for assistance in the application security team as it relates to DevSecOps. The team has a consistent, repeatable process using ServiceNow, GitHub, Jenkins and Sonatype Nexus (for code scanning), and uses Checkmarx for other code scanning (moved from HP AppScan). They have an existing model for security code reviews and security scanning.
Skills and Environment:
- Understanding of SAST and SAST tools
- Understanding of Angular, AngularJS and/or Python (so they can suggest remediation to the application development teams)
- Knowledge of code remediation
- Knowledge of ServiceNow APIs (nice to have)
- Ability to write their own integrations into ServiceNow (with support from The Hartford ServiceNow team).
- Understanding of code development.
- Really good security developer with a DevOps attitude.
- All the integrations are in place for code scanning in the DevOps lifecycle.
- Remediation suggestions are in the IDE and in the DevOps lifecycle.
- Don't see too many false positives from the code scanning tool (don't get too much pushback from the app development community on remediation recommendations).
- Security code scanning is integrated into Jenkins and part of the code promotion process.