Responsibilities:

SDLC Integration and AppSec Tooling

• Support the day-to-day operation of application security tooling across SAST, DAST, SCA (software composition analysis), secrets detection, and container image scanning.
• Help onboard new applications and repositories into AppSec tooling; configure scan policies and validate that pipelines are correctly instrumented.
• Assist with tuning of detection rules and policies to reduce false positives and improve signal quality for engineering teams.
• Maintain documentation, runbooks, and quick-reference guides for AppSec tooling and processes.

Findings Triage and Vulnerability Management

• Triage findings from AppSec tooling — validate, prioritize by risk and exploitability, deduplicate, and route to the appropriate engineering owners.
• Perform false positive validation on tooling findings — review code context, data flow...