Job Description

Responsibilities  

  • “Shift left” security efforts to build security into the software development lifecycle: 
  • Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities 
  • Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning
  • Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines 
  • Partner with Platform DevOps to help design secure-by-default architectures and workflows 
  • Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices 
  • Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated. 
  • Maintain application asset inventory. 
  • Lead the Security Champions Program to build security-minded culture amongst developers and IT Operations teams. 
  • Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security. 
  • Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities. 
  • Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes. 
     
Profile

  • Bachelor's degree in Computer Science, Information Security, or related professional experience. 
  • Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments.
  • Experience performing secure code reviews and interpreting SAST/SCA/DAST results. 
  • Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions.
  • Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk. 
  • In-depth understanding of vulnerabilities and secure coding practices. 
  • Hands-on experience with security tools like Snyk, Veracode, Burp Suite or similar.
  • Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes). 
  • Proficiency in programming languages like Python, Java, or C# is preferred.
  • Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle. 
  • Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface. 
  • Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision. 
  • Demonstrated success in partnering with developers to integrate security.