Senior Security Operations Engineer

Recruitment Fraud Alert

Weve learned that scammers are impersonating Commvault team membersincluding HR and leadershipvia email or text. These bad actors may conduct fake interviews and ask for personal information such as your social security number.

What to know:

• Commvault doesnotconduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information SSN etc) before your first day.

If you suspect a recruiting scam please contact us at

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover take action and rapidly recover from cyberattacks keeping data safe and businesses resilient. The companys unique AI-powered platform combines best-in-class data protection exceptional data security advanced data intelligence and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years more than 100000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks improve governance and do more with data.

What youll do

• Design / build / implement and maintain scalable automation tools and pipelines for application security including static (SAST) dynamic (DAST) and software composition analysis (SCA) scanning.
• Collaborate with developers security engineers and DevOps teams to integrate security automation seamlessly into CI/CD workflows.
• Identify opportunities for improving security tool coverage efficiency and performance.
• Develop custom scripts plugins or APIs to extend the capabilities of security testing and remediation automation.
• Monitor and analyze security automation tool results generate actionable insights and support incident response and remediation efforts.
• Stay up to date on the latest security automation trends technologies and best practices and advocate for continuous improvement in tooling and processes.
• Provide mentorship and guidance to other engineers on secure coding and secure development lifecycle practices.

Who you are

• 6 years of software engineering experience with a focus on security automation or application security.
• Proficiency in Python Ruby Go Java or similar programming languages.
• Strong understanding of application security principles vulnerabilities (e.g. OWASP Top Ten) and remediation techniques.
• Hands-on experience implementing and configuring security scanning tools such as SAST (e.g. Checkmarx Fortify) DAST (e.g. Burp Suite OWASP ZAP) and SCA (e.g. Snyk WhiteSource).
• Familiarity with CI/CD pipelines (e.g. Jenkins GitHub Actions GitLab CI) and infrastructure as code tools (e.g. Terraform Ansible) is a plus.
• Solid understanding of software development lifecycle (SDLC) processes and how to integrate security automation seamlessly.
• Excellent problem-solving skills and ability to work independently and as part of a team.

Preferred Skills:

• Experience with cloud-native security automation (e.g. in AWS Azure or GCP environments).
• Familiarity with container security (e.g. Docker Kubernetes) and related security scanning solutions.
• Knowledge of threat modeling and security risk assessments.

#LI-VK