Job Description

Duties:

Your key responsibilities will consist of the following to ensure applications are resilient against emerging threats, reducing potential financial and reputational damage from security incidents.

• Embed security best practices into the software development lifecycle (SDLC).
• Conduct in-depth security assessments, including vulnerability scanning, and code reviews.
• Leverage automated tools and manual testing techniques to identify, risk assess and prioritize and propose mitigation strategies for identified threats and application-level vulnerabilities (e.g., OWASP Top 10, etc.) ensuring our applications meet security standards and reducing exposure to data breaches.
• Collaborate with security architects to design secure application architectures that align with industry best practices.
• Ensure secure coding practices are followed, and security controls are incorporated into software designs.
• Conduct detailed threat modeling to identify attack vectors and potential weaknesses.
• Collaborate with our SDLC Council to develop and maintain secure coding standards, empowering developers to integrate security into the development process.
• Partner with DevOps teams to implement security within CI/CD (continuous integration & delivery) pipelines for automated and seamless deployment of secure code.
• Develop, configure, and maintain tools for static and dynamic application security testing (SAST/DAST).

Qualifications:

• Experience in integrating security into DevOps (DevSecOps) and CI/CD environments.
• Strong technical knowledge of web application security, cloud security (AWS, Azure, GCP), mobile security, infrastructure as code (IaC), containerized environments (Docker, Kubernetes), and API security.
• Hands-on experience with security tools such as SAST, DAST, SCA, IAST, and fuzzing tools.
• Deep understanding of common vulnerabilities (e.g., OWASP Top 10) and their mitigations.
• Advance understanding and experience with writing source code in at least one programming language (e.g., JavaScript, Java, C/C++/C#, Python, etc.) and familiarity with software security frameworks (e.g., Maven, Node, Gradle, etc.).
• Experience with identifying security vulnerabilities/defects in dockers, containers, and Kubernetes.
• Experience with cloud deployment and automation tools (Terraform, GitHub Actions, Jenkins, AWS Cloud Formation Templates, Secrets Managers).

NO 3rd PARTY / Corp to Corp candidates or Agencies

Job Tags

Similar Jobs