Security Defect Management - Analyzing, validating, communicating, and consulting on security defects identified by both automated and manual sources such as CodeQL, Rapid7 Web Application Security, penetration testing, bug bounty, etc. In other words, our security engineers are partners to software engineers who require accurate information on why a vulnerability exists and what they can do about it.
Engineering Consulting β Serving as a βbest friendβ to software engineers, architects, product owners, and leaders, provide contextually-aware guidance to help these groups make good decisions when implementing new features and remediating existing issues.
Tool Enablement - Enabling and monitoring automated defect detection tooling (CodeQL, Rapid7, etc.) at the repository or application level according to established process.
Security Test Onboarding & Management β Collecting and communicating required scope and access informati...