Job ID: 5073
- Design, implement and manage application security controls; integrate and automate security tools and testing in the CI/CD pipeline.
- Ensure security processes are included in all phases of the Software Development Lifecycle (SDLC).
- Lead application scanning and penetration testing activities and drive remediation of findings.
- Lead the selection and management of static/dynamic code analysis tools.
- Perform security assessments and provide recommendations on securing our various web applications and APIs; contribute to secure coding standards and participate in code reviews.
- Design and manage application monitoring and forensics capabilities.
- Serve as a security expert and provide guidance and technical leadership to other staff members.
- Keep abreast of and provide recommendations on emerging AppSec technologies/tools.
- Support compliance/certification activities and participate in security audits/reviews.
- 6+ years’ experience in the cybersecurity, IT, or engineering fields, with at least 2 years in an AppSec role.
- Strong understanding of the application security domain, including the OWASP Top Ten and the exploitation and defense of web applications and APIs.
- Strong understanding of authentication/authorization, OAuth, JWT, secret/key management, and encryption technologies.
- Experience with automated software testing, static/dynamic code analysis, whitebox/blackbox testing and the associated open source and/or commercial tools.
- Experience developing in a modern programming language such as Java, Spark, C# or Python.
- Ability to work effectively in a cross-functional setting through influence, persuasion, and collaboration; strong communication skills.