- Manage and optimize code scanning tools (e.g., SAST, DAST) to detect and remediate security vulnerabilities.
- Provide security guidance and best practices to engineering teams throughout the software development lifecycle.
- Design, maintain, and report on application security metrics and dashboards to track progress and effectiveness.
- Perform security assessments, including threat modeling and architecture reviews for new features and applications.
- Collaborate with DevOps and CI/CD teams to integrate security tools seamlessly into development pipelines.
- Stay up-to-date on the latest security threats, vulnerabilities, and remediation strategies to evolve application security practices.
- Deliver secure coding training and resources to engineering teams to foster a security-first culture.
Things You Will Need to Be Successful in This Role
- Typically requires a minimum of 5 years of related experience with a Bachelor's degree; or 3 years and a Master's degree; or a PhD without experience; or equivalent work experience.
- Proficiency with code scanning tools.
- Deep understanding of secure coding practices and standards (e.g., OWASP Top Ten).
- Hands-on experience with programming languages such as Python, Java, JavaScript, or C#.
- Familiarity with CI/CD pipelines and integrating security tools into DevOps workflows.
- Strong analytical skills to interpret scan results and prioritize remediation efforts.
- Certifications (Preferred): CSSLP or relevant security certifications.
- Excellent communication and collaboration skills to work effectively with cross-functional teams.
- A proactive and detail-oriented mindset to identify and mitigate risks early in the development lifecycle.