Cyber Security Specialist

About the Company

We are seeking a highly skilled and self-driven FOSS Sonatype IQ Subject Matter Expert (SME) to join our Secure Development Cybersecurity team. This role is crucial to strengthening our software supply chain security and ensuring open-source compliance across development teams in Global business and functions.

About the Role

The ideal candidate will possess deep expertise in Sonatype IQ Server along with other OSS scanning tools (like Snyk, Black Duck, Dependency-Track, Crowd Strike), a strong grasp of modern DevSecOps practices, and hands-on experience in establishing FOSS usage policies in enterprise environments. In this role, you will be responsible for ensuring the secure code adoption, governance, and compliance of open-source software security across the organization. You will work closely with development, security, and technology teams to mitigate risks, enforce policies, and enhance the security posture of open-source software.

Responsibilities

• Serve as the primary advisor and technical expert for Sonatype Nexus IQ Server and open-source dependency vulnerability scanning.
• Implement and maintain Sonatype IQ integrations within CI/CD pipelines to automate security and compliance checks.
• Analyze and remediate vulnerabilities, license risks, and policy violations in open-source dependencies.
• Develop and enforce software composition analysis (SCA) best practices across development teams.
• Collaborate with security teams to prioritize and mitigate OSS vulnerabilities based on risk assessments.
• Create and maintain custom policy configurations in Sonatype IQ to align with organizational security standards.
• Train and mentor engineering teams on secure OSS usage, dependency management, and DevSecOps best practices.
• Work to uplift the vulnerability scanning and remediation capabilities to meet enhanced Service Level Agreements (SLAs), ensuring timely and effective resolution of security vulnerabilities.
• Monitor and report on FOSS risk metrics, providing actionable insights to leadership.
• Stay updated on emerging software supply chain threats and recommend proactive security measures.
• Support SBOM interlock and proactively participate in wider SBOM program.
• To perform security assessment and identify potential risk with open source LLMs.

Qualifications

• 4+ years of hands-on experience with Sonatype Nexus IQ Server in an enterprise environment.
• Strong understanding of Software Development Life Cycle (SDLC) with a focus on security.
• Strong expertise in open-source Software security, vulnerability management, and license compliance.
• Proficiency in DevSecOps practices, including CI/CD integration (Jenkins, GitLab, GitHub Actions, etc.)
• Experience with software composition analysis (SCA) tools and dependency management (Maven, npm, pip, etc.)
• Knowledge of OWASP Top 10, CVE, and MITRE ATT&CK frameworks related to OSS risks.
• Familiarity with container security (Docker, Kubernetes) and SBOM (Software Bill of Materials) generation.
• Good to have scripting skills (Bash, Python, Groovy) for automation and tool customization.
• Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.

Required Skills

• 7+ years of experience into cybersecurity, Information security or security engineering.
• Strong DevSecOps and Software security background.
• Desirable to have one or more industry-recognised cybersecurity-related certifications including CISSP, CRISC, CISM, OSCP.
• Bachelor or Masters degree in Computer Science, Information Technology, Cybersecurity or equivalent.

Job Title: FOSS Sonatype IQ SME

Location: India (Bengaluru, Hyderabad, Pune)

CSAT- Cybersecurity