KEY ACTIVITIES AND RESPONSIBILITIES
- Collaborate with cross-functional teams to integrate security into the software development lifecycle (SDLC) and ensure security best practices are followed.
- Review application security architecture design as part of requirements gathering and development, and ensure the design follows sound application security guidelines and best practices.
- Design and implement application security strategies, policies, guidelines and checklists.
- Conduct threat modeling and Privacy Impact Assessments to identify potential security and privacy risks.
- Collaborate with stakeholders to define security requirements for applications and systems.
- Conduct security assessments, vulnerability assessments, and code reviews to identify and mitigate security risks.
- Provide guidance and technical expertise to development teams in resolving security vulnerabilities.
- Develop and maintain secure coding guidelines and training programs for developers.
- Stay up-to-date with emerging security threats and industry trends to proactively address potential risks.
- Participate in incident response and lead efforts to remediate security incidents.
- Perform security architecture reviews and design reviews for new and existing applications.
- Develop and deliver AppSec training and awareness sessions for the application team.
- Develop an application security checklist as part of the non-functional requirements for any application development.
- Ensure applications comply with industry security standards and regulations (e.g., OWASP, NIST, GDPR).
- Oversee and implement security testing strategies, including static and dynamic analysis, penetration testing, and code reviews.
- Collaborate with IT and cybersecurity teams to align application security with overall enterprise security strategy.
- Address findings from security tests and audits.
Minimum Qualifications & Experience:
- Bachelor's degree in Computer Science, Information Security, or a related field.
Any of the following certifications (or equivalent):
- GIAC Certified Web Application Defender (GWEB), or equivalent certifications.
- GIAC Web Application Penetration Tester (GWAPT), or equivalent certifications.
- Certified Secure Software Lifecycle Professional (CSSLP), or equivalent certifications.
Job Specific Skills:
- Proven experience (5+ years) in application security, including threat modeling, secure coding, vulnerability management, and application testing.
- Experience (3+ years) with application development and CI/CD and DevOps fundamentals.
- Strong knowledge of application security principles, secure coding practices, OWASP Top Ten & Guidelines, and security testing tools.
- Experience with security technologies and tools such as Web Application Firewalls (WAFs), Static Application Security Testing (SAST), and Dynamic Application Security Testing (DAST).
- Familiarity with cloud security concepts, technologies, and best practices.
- Understanding of web, API, microservice, and mobile application security issues and defenses.
- Experience with code review tools and penetration testing.
- Good understanding of containerization technology.
- Strong understanding of encryption, authentication, and identity management.
- Excellent communication and collaboration skills.
- Ability to lead and mentor teams on security matters.
- Strong problem-solving and analytical skills.