, including adherence to OWASP security principles Conduct application security scans using tools such as Fortify and Sonatype... Experience with DevSecOps and security tools such as Jenkins, Fortify, Sonatype, and JIRA Knowledge of DoD Risk Management...
and IT security principals in general Experience in building and setting up Sonatype Nexus-IQ server and Nexus NXRM... on how to improve their Software Supply Chain and DevSecOps practices using Sonatype solutions. Add Nexus Firewall to stop OSS risk...
teams and leadership. Design and integrate OSS security tooling, including JFrog Artifactory/Xray or Sonatype Nexus...-on experience with SBOMs, OSS scanning tools, and vulnerability management. Experience with JFrog or Sonatype artifact repository...
via Fortify and Sonatype-to ensure full cybersecurity compliance for all supported DoD applications. Position... code reviews and scans (Fortify, Sonatype), and BurpSuite scans for public web resources. Manage findings through POA&M...
, Checkmarx), SCA (e.g., Veracode SCA, Sonatype) and DAST (e.g., Acunetix, Burp Suite) tools to analyze the security posture...
, Gradle, Helm, Sonatype). Prior exposure to continuous integration/delivery tools such as Jenkins, GitHub Actions, GitLab...
and artifact management (Sonatype Nexus, various build frameworks) Release management and deployment strategies Infrastructure...
such as GitLab or GitHub Enterprise Experience with CI/CD Pipeline tools such as Maven, Make, Git, Artifactory, Sonatype...
Build/sustain CI/CD pipelines with GitLab CI, Terraform, Docker, and Kubernetes. Integrate Sonatype, Fortify... (Fortify, Sonatype, Selenium). DoD 8570: IAT Level II (Security+ CE minimum). Active Secret clearance. COMPETENCIES...