Job Description
Role and Responsibilities:
- Act as a primary liaison between technical teams and business stakeholders, facilitating expert advice on vulnerability remediation strategies and best practices.
- Ensure strict adherence to security standards and advocate for the seamless integration of security measures into the Software Development Life Cycle (SDLC).
- Develop and nurture collaborative relationships with business and development teams to align security objectives with business priorities, ensuring mutual benefit and effective prioritization.
- Assess risks identified in vulnerability assessment results and other security-related data, prioritizing remediations in alignment with business objectives.
- Partner with application teams to devise strategies for mitigating identified security gaps, assisting in the planning and prioritization of security remediation efforts and control implementations.
- Provide technical guidance and support to application teams in implementing security controls, advocating for security-by-design principles, and integrating security scanning into the application build process.
- Collaborate closely with stakeholders to ensure the completeness and accuracy of information security exception requests, aligning them with predetermined criteria and established risk tolerance levels.
- Regularly communicate with management and stakeholders, presenting detailed reports and updates on vulnerabilities, ongoing remediation efforts, and the status and trends of exception requests.
- Conduct ongoing security research to stay abreast of current security challenges, identifying new opportunities for security integration and automation to enhance overall security posture.
- Provide training and awareness on vulnerability risk management practices to technical teams and business stakeholders.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field. An advanced degree or relevant certifications (e.g., CISSP, CISM) are good to have.
- Minimum 8 years of demonstrated expertise in application security, coupled with proficiency in development.
- Strong understanding of application security concepts, vulnerabilities, and attack vectors.
- Robust Information Security technical skills and knowledge to identify, research, and understand security control gaps and program compliance issues.
- Exceptional ability to communicate security concepts, threats, controls, and mitigation/remediation strategies to diverse audiences, including those unfamiliar with such topics.
- Proven track record in information security vulnerability assessment, remediation, and security governance.
- Familiarity with Security Policies, Procedures, Audit, and Compliance requirements.
- Expert understanding of code syntax and semantics of at least one object-oriented programming language.
- Possess an analytical mindset with the ability to prioritize and assess risks related to vulnerabilities and exception requests.
- Proven ability to work independently, prioritize tasks, and manage multiple projects simultaneously in a fast-paced environment, ensuring timely and efficient completion of objectives.
Soft Skills:
- Excellent communication and interpersonal skills, adept at articulating technical concepts to non-technical stakeholders.
- Ability to collaborate effectively with cross-functional teams and build consensus is essential.
- Commitment to continuous learning and staying updated on industry developments and emerging technologies.
Good to have:
- Familiarity with cloud security concepts, cloud services, and cloud security controls.
- Knowledge of security frameworks, standards, and benchmarks.