Provide security guidance on new products and technologies.
Conduct threat modeling and risk assessments to identify and mitigate potential security risks.
Support the implementation of secure development practices and standards.
Oversee regular security assessments and manage the product security pipeline to identify and address vulnerabilities.
Respond to security incidents related to products and coordinate with relevant teams to mitigate impacts.
Integrate and manage security tools and processes to automate security testing and monitoring.
Maintain internal documentation and ensure adherence to security standards and best practices.
Create and maintain Secure Development policies.
Track and prioritize all security issues.
Work closely with developers to integrate security into the software development lifecycle.
Provide training and raise awareness about security best practices among development teams.
Support responses for security questionnaires and audits.
Minimum Qualifications
5+ years of proven experience in application security & secure development
Strong foundations in software engineering
Experience or working knowledge of modern development, test, and deployment models
Demonstrated expertise in the application security domain and architecture design
Understanding of application security in the context of the SDLC and CI/CD
Understanding of OWASP MASVS and ASVS
In-depth knowledge of cloud-native ecosystem
Working knowledge of exploiting and fixing application vulnerabilities
Proficient in one or more programming languages
Strong background in threat modeling
Familiarity with industry standard secure design models
In-depth knowledge of common web application vulnerabilities (e.g. OWASP Top 10)
Familiarity with automated dynamic scanners and proxy tools
An analytical mind for problem solving, abstract thought, and offensive security tactics
Ability to articulate complex issues to executives, product owners, and other developers
Highly effective verbal and written communication skills, to convey technical and non-technical concepts to a wide variety of audiences