Application Security Lead | Offshore
Verified 2 days ago. Published 2 days ago.
Job description
Responsibilities
- "Shift left" security efforts to build security into the software development lifecycle:
  - Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities
  - Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning
  - Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines
  - Partner with Platform DevOps to help design secure-by-default architectures and workflows
  - Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices
- Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated.
- Maintain application asset inventory.
- Lead the Security Champions Program to build security-minded culture amongst developers and IT Operations teams.
- Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security.
- Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities.
- Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.
Profile
- Bachelor's degree in Computer Science, Information Security, or related professional experience.
- Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments.
- Experience performing secure code reviews and interpreting SAST/SCA/DAST results.
- Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions.
- Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk.
- In-depth understanding of vulnerabilities and secure coding practices.
- Hands-on experience with security tools like Snyk, Veracode, Burp Suite or similar.
- Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes).
- Proficiency in programming languages like Python, Java, or C# is preferred.
- Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle.
- Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface.
- Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision.
- Demonstrated success in partnering with developers to integrate security.