The ideal candidate for this role should have the following background:
Development background and a security mindset.
Someone who is practical in his/her approach to security.
Ability to collaborate effectively with the stakeholders.
Creative ability to find vulnerabilities.
Evaluate and implement tools/frameworks/services supporting secure software delivery and monitoring
Verify security vulnerabilities identified by automated tools and configure tools to reduce noise
Develop threat models with development teams to help expose risks in their deliverables
Participate in application design and architectural reviews
Train and mentor development teams on secure coding practices via regular code reviews, pair programming, and training exercises/presentations
Facilitate activities such as blue/red team events and bug bounty programs
Lead prioritization discussions to gain traction on important security issues
Act as a liaison with 3rd parties performing vulnerability scans and penetration testing to validate findings and inform priorities and strategies for remediation
Draft, evaluate, and monitor compliance with application and development security standards
Ensure teams are validating for OWASP and performing industry-leading application security practices
3+ years of application security experience.
5+ years of application development experience.
Experience with SAST & DAST application scanning tools and knowledge of OWASP tools and methodologies
Knowledge of APIs and best practices for testing and securing
Knowledge of Bug Bounty programs and integration into SDLC
Knowledge of Web Application Firewalls (WAF)
Application security experience with high-level programming languages (e.g., Java, C, C++, C#, VB, .NET, ASP.NET, ASP, PHP, J2EE, JSP)
Exposure to container technologies – Docker, Docker Swarm, Kubernetes
Strong scripting experience – PowerShell, Python, etc.
Programming background and working experience in SDLC and software development tools such as Eclipse, Jenkins or similar
Experience with Cloud Service Providers (Azure and/or AWS)
In-depth understanding of CI/CD processes and the tooling around them.
Communication skills to create documentation, videos and conduct training classes
Strong analytical skills.
Ability to manage multiple tasks simultaneously and meet established deadlines.
Ability to collaborate with IT teams on security-related tasks and projects.
Ability to work productively while remote and communicate effectively in a virtual team environment.
Ability to stay current with new technology.
Education & Certifications
A ’s in Information Security, Computer Science, Information Systems, or another related field is preferred, but not required.
A CISSP certification is preferred, but not required. Career development plan to include certifications upon hire.