Security Architecture: Design and implement application security architecture and processes, ensuring they align with industry best practices and regulatory requirements.
Secure SDLC: Manage a risk-balanced SDLC by integrating threat modeling, secure code reviews, and security testing.
Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.
Security Assessments & Penetration Testing: Perform advanced penetration testing and red teaming across web, mobile, and cloud applications. Leverage exploit development techniques to identify high-risk vulnerabilities and collaborate with engineering teams for effective remediation.
Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.
Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components.
DevSecOps Enablement: Lead and enhance DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines.
Incident Response & Remediation: Lead security incident response related to applications and work with engineering teams to remediate threats.
Security Awareness Training: Develop and lead customized security training programs for engineering teams, focusing on OWASP Top 10, threat modeling, AI security risks, and secure coding principles.