Rakshit Srivastava Srivastava, Product Security Analyst

OneTrust

Country
India
Education
Bachelor's, B.Tech/B.E.,
Experience
0 years, 6 months

Work Experience

Total years of experience: 0 years, 6 months

Product Security Analyst at OneTrust
  • India
  • I have held this position since January 2024

GitLab Management for Vulnerability Management: Utilized GitLab as the primary platform for managing code repositories and collaboration, with a strong focus on integrating security practices. Implemented and managed GitLab's SAST (Static Application Security Testing) to automatically scan code for vulnerabilities during the development process, ensuring secure code practices. Configured and utilized GitLab's Dependency Scanning to identify vulnerabilities in third-party libraries and dependencies, ensuring they are up to date and secure. Used Secret Scanning to detect and prevent the exposure of sensitive information such as API keys and passwords in the codebase. Automated the creation and management of GitLab tickets for newly identified vulnerabilities, ensuring timely attention and resolution. Developed and implemented scripts to streamline the ticket creation process, reducing manual workload and improving response times.
Vulnerability Management: Leveraged Snyk to identify and remediate vulnerabilities in third-party dependencies, reducing the risk of security breaches. Used Wiz for continuous security monitoring and real-time visibility into cloud infrastructure, enhancing the overall security posture. Utilized Oligo to identify and manage vulnerabilities in the software supply chain, ensuring the security and integrity of third-party components. Integrated comprehensive security testing into the CI/CD pipeline, utilizing GitLab's DAST (Dynamic Application Security Testing), SAST, Dependency Scanning, and Secret Scanning tools to ensure thorough security validation throughout the development lifecycle.
CI/CD Integration: Utilized Jenkins to automate build processes and validate recent updates, particularly for Microsoft vulnerabilities. Ensured seamless integration of security testing tools within the CI/CD pipeline, supporting continuous and automated security validation.

Educational Background

Bachelor's, B.Tech/B.E.,
  • at LINGAYA'S VIDYAPEETH
  • August 2017