Key Responsibilities:
- Lead the application security program across all software products, ensuring the adoption of secure development practices, vulnerability management, and secure coding standards.
- Perform advanced security assessments, penetration testing, threat modeling, and code reviews for web applications, mobile apps, and cloud-native services.
- Lead and mentor a team of security engineers, providing guidance on secure coding practices, vulnerability remediation, and security best practices.
- Build and manage security testing tools, processes, and frameworks, including automated security testing within the CI/CD pipeline.
- Collaborate with cross-functional teams (e.g., development, operations, and IT) to implement security requirements throughout the SDLC.
- Drive the integration of security into Agile and DevOps workflows, ensuring continuous security testing and compliance.
- Conduct risk assessments and provide actionable security recommendations to mitigate potential threats across all stages of the software development lifecycle.
- Ensure that security issues are identified, tracked, and remediated within project timelines and defined risk thresholds.
- Manage relationships with key stakeholders and provide technical security leadership across the organization.
- Lead the design, development, and implementation of security policies, standards, and frameworks, ensuring alignment with industry best practices (OWASP, NIST, ISO, etc.).
- Provide expertise in the secure design and architecture of web and mobile applications, APIs, microservices, and cloud infrastructure.
- Stay updated with the latest security trends, tools, technologies, and vulnerabilities to continuously improve the application security program.
- Lead incident response for security events related to application vulnerabilities, providing analysis, remediation strategies, and post-incident reporting.
Required Skills & Experience:
- 6-12 years of experience in application security, penetration testing, or related security fields.
- Proven expertise in securing web and mobile applications (OWASP Top 10, OWASP Mobile, etc.), APIs, and microservices architectures.
- In-depth experience with security testing methodologies (SAST, DAST, IAST, and penetration testing).
- Strong expertise in identifying and mitigating security risks in the SDLC, and integrating security into Agile/DevOps workflows.
- Solid understanding of common programming languages (e.g., Java, Python, .NET, JavaScript, C++) and secure coding practices.
- Experience with threat modeling, risk assessments, and vulnerability management processes.
- Expertise in cloud security, including cloud platforms like AWS, Azure, and GCP.
- Extensive experience with security tools such as Burp Suite, ZAP, Fortify, Checkmarx, SonarQube, and related tools.
- Strong knowledge of web protocols (HTTP, HTTPS, REST, SOAP) and application security features (authentication, authorization, encryption).
- Familiarity with industry frameworks and standards (e.g., NIST, ISO 27001, SOC 2, PCI DSS, GDPR).
- Experience in mentoring and leading security teams, driving security initiatives across engineering departments.
- Proficiency with secure coding practices and application security tools in continuous integration/continuous deployment (CI/CD) pipelines.
- Strong communication skills with the ability to collaborate with both technical and non-technical stakeholders to drive security solutions.
- Ability to influence and advocate for security initiatives in a complex organizational structure.