Operationalize DevSecOps security controls across SDLC and CI/CD using Azure DevOps Server, ensuring enforceable security gates, vulnerability lifecycle management, and audit-ready evidence.
· Configure and tune Fortify SAST/DAST, define thresholds and exception workflow.
· Automate the renewal and deployment of SSL/TLS certificates using tools like HashiCorp Vault and Cert-Manager in Kubernetes to prevent downtime and security risks.
· Integrate SBOM generation tools into the CI/CD pipeline to track component dependencies, license compliance, and vulnerabilities, providing visibility into the software supply chain.
· Implement image signing and verification using tools like Sigstore/Cosign to ensure code integrity, ensuring only verified, trusted container images are deployed.
· Define Quality Gates, vulnerability SLAs, triage process, remediation tracking and reporting dashboards.
· Integrate secrets management (HashiCorp Vault) and secure access patterns with SecurEnvoy MFA.
· Support compliance evidence: scan outputs, approvals, and release evidence packs.
Partner with DevOps and QA on secure pipelines and test environment controls
Requirements
5–8+ years AppSec/DevSecOps/security engineering experience. Government/regulatory sector experience is a plus. Strong OWASP, threat modeling, and vulnerability management exposure.
Secure SDLC, CI/CD security gates, artifact trust, secrets management, container security concepts, and K8s security basics.
Influence without authority, risk-based communication, pragmatic guidance, and calm escalation handling.
Azure DevOps Server, Fortify (SAST/DAST), HashiCorp Vault, JFrog Artifactory, Sigstore (plus), OpenShift/Kubernetes awareness, and monitoring correlation (AppDynamics/BMC/Azure Monitoring).
Adree is a technology-driven company that goes beyond software testing. We specialize in Quality Assurance (QA), Quality Control (QC), and Low Code/No Code services. We exist to empower businesses in the digital realm, optimizing their projects with high-quality code.
To constantly empower IT and businesses with innovative, unique digital solutions. We bridge the gap between business and technology, crafting distinguished pathways to success. By blending expertise with creativity, we inspire transformative journeys, ensuring our clients thrive in the digital age.
Our Mission:
Empower IT and businesses with innovative, unique digital solutions, bridging the gap between business and technology for success in the digital age.
Our Vision:
Become the global leader in digital excellence, known for our unwavering commitment to tailor-made solutions, driving innovation for businesses of all sizes and industries.
Who We Are:
At Adree, we lead with a visionary concept to ignite innovation in software development and testing. Our distinctive approach empowers businesses through:
1. Quality Assurance (QA) and Quality Control (QC):
Ensuring the reliability and performance of digital solutions.
2. Low Code / No Code Application Development:
Rapid application design and integration for efficiency.
3. Application & Infrastructure Performance Monitoring:
Ensure seamless user experiences.
4. Application Lifecycle Management:
Efficient, secure application management from inception to retirement.
