Key Responsibilities and Accountabilities
- Align products with organizational policies, standards, and regulatory requirements (e.g., NIST, ISO 27001, PCI DSS, GDPR).
- Identify, track, and drive timely closure of vulnerabilities in products and applications.
- Provide cybersecurity training, events, and awareness programs for diverse audiences.
- Build and maintain strong relationships with internal and external stakeholders; represent product security in bug bounties and cybersecurity incidents.
- Prepare and present regular reports on product cybersecurity dashboards, including design issues (Threat Modelling), configuration issues (IaC/deployment), coding issues (SCA & SAST), and runtime issues (API/Web DAST).
- Apply knowledge of OWASP Top 10, SANS 25, API security, Threat Modelling, SAST, DAST, SCA, and incident handling.
- Understand API/cloud/container security, zero trust, defense in depth, and secure by design principles.
- Participate in implementing a secure SDLC and ensure that compliance frameworks are followed (PCI DSS, SOC 2, ISO 27001, GDPR).