Senior DevSecOps Engineer

TriNet is a leading provider of comprehensive human resources solutions for small to midsize businesses (SMBs). We enhance business productivity by enabling our clients to outsource their HR function to one strategic partner and allowing them to focus on operating and growing their core businesses. Our full-service HR solutions include features such as payroll processing, human capital consulting, employment law compliance and employee benefits, including health insurance, retirement plans and workers’ compensation insurance. 
TriNet has a nationwide presence and an experienced executive team. Our stock is publicly traded on the NYSE under the ticker symbol TNET. If you’re passionate about innovation and making an impact on the large SMB market, come join us as we power our clients’ business success with extraordinary HR.

Don't meet every single requirement? Studies have shown that many potential applicants discourage themselves from applying to jobs unless they meet every single requirement. TriNet always strives to hire the most qualified candidate for a particular role, ensuring we deliver outstanding results for our small and medium-size customers. So if you're excited about this role but your past experience doesn't align perfectly with every single qualification in the job description, nobody’s perfect – and we encourage you to apply. You may just be the right candidate for this or other roles. 

A Brief Overview
The Senior DevSecOps Engineer is a highly technical individual with a strong understanding of web application security and software development lifecycle (SDLC). Working closely with other members of the team and reporting directly to the Security Engineering Manager, you will assist in the day-to-day operation of the TriNet's global app sec program. This will include (but is not limited to) developing new ways to detect and mitigate application security vulnerabilities through tooling and hands on testing. This position will also monitor, detect, response and lead any incident response related to application security. As a long-term goal, this position will analyze to discover anti-patterns within Trinet application ecosystem for making long lasting impact to how Trinet builds its software.
Locations
India (On-site)
What you will do

• Assist in the day-to day operation of the organization's global app sec program.
• Develop secure software testing and validation procedures by fine tuning custom rules in SAST/DAST tooling
• Conduct security QA testing on high-risk product features (i.e. pen testing)
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) in conjunction with an application or system major change.
• Analysis to discover anti-patterns within the application ecosystem in support of strategic software goals.
• Provide support to dev teams in developing unit test cases that assures against business logic flaws and missing authorization checks.
• Performs other duties as assigned
• Complies with all policies and standards

Education Qualifications

• Bachelor's Degree in Computer Science, Information Technology, Cybersecurity or a related field required

Experience Qualifications

• Typically 5+ years experience in a security or similar technical role required
• Experience with penetration testing, SAST/DAST tuning implementation, etc required

Skills and Abilities

• Skill in penetration testing principles, tools, and techniques.
• Skill in building custom rules and implementing SAST/DAST tools
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language (PL/SQL) and injections, race conditions, covert channel, replay, return-oriented attacks and malicious code)
• · Knowledge of Personally Identifiable Information (PII) and Personal Health Information (PHI) data security standards.
• · Knowledge of programming language structures and logic.
• · Knowledge of Agile software development models
• · Skill in secure test plan design (e. g. unit, integration, system, acceptance).
• · Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation)

Licenses and Certifications

• Certified Ethical Hacker (CEH) preferred or
• Offensive Security Certified Professional (OSCP) preferred or
• GIAC Web Application Penetration Tester (GWAPT) or equivalent preferred

Travel Requirements
minimal
Work Environment

• Work in clean, pleasant, and comfortable office setting. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable persons with disabilities to perform the essential functions.
• Work is 100% In-Office in Hyderabad

Please Note: TriNet reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing. Position functions and qualifications may vary depending on business necessity.
TriNet is an Equal Opportunity Employer and does not discriminate against applicants based on race, religion, color, disability, medical condition, legally protected genetic information, national origin, gender, sexual orientation, marital status, gender identity or expression, sex (including pregnancy, childbirth or related medical conditions), age, veteran status or other legally protected characteristics. Any applicant with a mental or physical disability who requires an accommodation during the application process should contact [email protected] to request such an accommodation.