Senior Full Stack + DevSecOps Platform Engineer

2 views
Skip to first unread message

Venkat Reddy

unread,
May 14, 2026, 4:23:08 PMMay 14
to My C2C Vendors 2023

Position: Senior Full Stack + DevSecOps Platform Engineer

Location: Irving, TX (5 days in office)


Note: Need Ex-Verizon, - the Telecom domain is mandatory

 

Job Description:

SBOM / CBOM Inventory, Vulnerability Scanning & AI Auto-Remediation Platform

 

We are looking for a hands-on Senior Full Stack + DevSecOps Platform Engineer to help design and build an internal security automation platform for SBOM/CBOM inventory, vulnerability scanning, and AI-assisted auto-remediation using Claude.

 

This is not a traditional full-stack developer role. The ideal candidate should have strong experience across application development, CI/CD, cloud engineering, security scanning, cryptography inventory, and remediation automation.

 

Key Responsibilities

  • Design and build a centralized platform for SBOM and CBOM inventory.
  • Scan applications, repositories, containers, dependencies, certificates, keys, crypto algorithms, TLS/HTTPS configurations, secrets, and runtime components.
  • Build and integrate Jenkins/GitLab CI/CD pipelines for SBOM, CBOM, vulnerability, container, code, and crypto policy scans.
  • Identify vulnerable dependencies, CVEs, weak cryptography, expired certificates, insecure TLS versions, hardcoded secrets, and non-compliant libraries.
  • Build dashboards and reports for application inventory, vulnerability posture, crypto posture, remediation status, and SLA tracking.
  • Integrate security tools such as Syft, Grype, CycloneDX, JFrog Xray, Sonatype, Checkmarx, Fortify, Veracode, or similar tools.
  • Build AI-assisted remediation workflows using Claude or similar AI coding agents.
  • Automate safe fixes such as dependency upgrades, base image updates, configuration changes, and pull request creation.
  • Ensure all remediations go through build, test, scan, approval, audit, and rollback workflows before merge or deployment.
  • Work closely with application, security, DevOps, and platform teams.

 

Required Skills

  • Strong hands-on backend development experience with Java/Spring Boot.
  • Experience with at least one additional language such as Node.js, Python, or Go.
  • Experience building REST APIs, microservices, batch jobs, and platform integrations.
  • Hands-on experience with Jenkins and/or GitLab CI/CD.
  • Strong understanding of SBOM, dependency scanning, transitive dependencies, CVEs, and container image scanning.
  • Good understanding of CBOM and crypto inventory, including:

o   TLS/HTTPS

o   Certificates

o   Keys

o   Cipher suites

o   Encryption algorithms

o   Hashing algorithms

o   Signing algorithms

o   Keystores/truststores

o   Secrets management

  • Ability to identify weak crypto such as MD5, SHA-1, DES/3DES, RC4, RSA-1024, TLS 1.0/TLS 1.1, and disabled certificate validation.
  • Hands-on AWS experience with services such as:

o   Lambda

o   API Gateway

o   S3

o   DynamoDB

o   IAM

o   ECS/EKS

o   CloudWatch

o   X-Ray

o   Secrets Manager

o   KMS

  • Experience with monitoring and troubleshooting tools such as Splunk, ELK/Kibana, CloudWatch, and X-Ray.
  • Strong troubleshooting skills across application, pipeline, cloud, and security issues.

 

AI Auto-Remediation Expectations

The candidate should understand how to use Claude or similar AI tools in a controlled engineering workflow, including:

  • Vulnerability finding ingestion
  • Code and dependency analysis
  • Impact assessment
  • Branch creation
  • Code/config updates
  • Test execution
  • SBOM/CBOM regeneration
  • Pull request creation
  • Human approval for high-risk changes
  • Audit and rollback controls

 

AI should not have direct merge, production deployment, or secret access.

 

Preferred Skills

  • Experience building internal developer platforms or security automation platforms.
  • Experience with vulnerability management and remediation workflows.
  • Experience with policy engines such as OPA or custom rule engines.
  • Knowledge of post-quantum cryptography readiness and crypto-agility.
  • Experience with certificate lifecycle management, secrets management, and cloud security controls.
  • Frontend experience with Angular or React for dashboards and reporting.

 

Minimum Qualifications

  • 8+ years of software engineering experience.
  • 3+ years of DevOps, DevSecOps, platform engineering, or security automation experience.
  • Strong Java/Spring Boot background.
  • Hands-on CI/CD and cloud experience.
  • Practical experience with security scanning and vulnerability remediation.
  • Strong communication skills and ability to work across security, platform, DevOps, and application teams.


Thanks & Regards,
Maddula Venkateshwara Reddy | ICS Global Soft
Senior. US IT RECRUITER
venkatre...@gmail.com

Reply all
Reply to author
Forward
0 new messages