Application Security Automation Engineer

**This role would require you to WFO 3days/ week mandatory. The Opportunity

"

As a Product Security Engineer within FICO’s Cybersecurity organization, you will contribute your assistance and innovative ideas to the Security Tools Development team. This role provides the opportunity to develop a deep understanding of our business, work closely with security, product management, and development engineers to architect, design, select, and deploy the appropriate automated application security testing tools in the DevSecOps process

". - Sr. Manager, Cyber Security

What We’re Seeking

Bachelor’s or related discipline, or relevant experience in software design, development, and testing. 4-7 years of desired strong knowledge of programming, architecture and automation concepts, Terraform is preferred and Crossplane is expected. Foundational knowledge of HashiCorp Vault for secrets management, along with experience deploying via Helm, ArgoCD, and Crossplane, is required. Ability to understand and apply design with architects, principal engineers and discuss strategy/requirements with teams. Ability to conduct product demonstrations and advantage installing applications on-premises, SaaS or Cloud. Knowledge of Security Testing Tools (DAST, SAST, SCA, IAST, IaC, Supply Chain Security, etc.) is a plus.

What You’ll Contribute

Help Lead Engineers integrate Application and DevSecOps processes with CI/CD pipelines from early stages of the lifecycle. Assists in development, implementation, and analysis of technical security products. Implementing and understanding cloud solutions (AWS) with Infrastructure as Code tool (Terraform or Crossplane) for Security Tools (DAST, SAST, SCA, IaC, IAST, Supply Chain Security, Secrets Management, etc.) Help to build CI/CD pipelines with Jenkins MPL, GitHub Actions and ArgoCD for Security Artifacts. Speed Architecture with Docker and Kubernetes, along with cloud hosting providers, like AWS. Act as Developer teams to cloud (AWS) integrating software service tools (Jenkins, JFrog Artifactory, GitHub Actions) into automation for on-premises, SaaS and Cloud Security Tools. Help to Lead engineers to on-boarding security tools such as DAST, SAST, SCA, IaC, IAST, Supply Chain Security, Secrets Management, etc., vulnerability and open-source scanning into the Security DevSecOps life cycle for multiple tech stacks. Contributing features to internally developed Cyber security tools and integrating those tools into the Security DevOps pipelines. Drive technical discussions and propose best practices to Lead Engineers for DevSecOps process. Help maintain stability, compatibility, scalability, interoperability, and performance of Security Tools products. Learn new technologies in related areas.