✨ About The Role
- The role involves leading and executing application security assessments, including SAST, DAST, code reviews, and penetration testing.
- Collaboration with development teams to integrate security best practices into the software development lifecycle (SDLC) is a key responsibility.
- The position requires performing threat modeling on existing and upcoming feature sets to ensure appropriate security controls are implemented.
- Developing and enforcing a robust Identity and Access Management posture is part of the job.
- The engineer will design, implement, and maintain application security controls and solutions, leveraging hands-on coding experience.
- Automating application security controls using scripting to enhance efficiency is expected.
- The role includes owning the vulnerability assessment and patch triage process to support ongoing vulnerability management.
- Ensuring compliance with regulatory requirements and industry standards for application security is crucial.
- The engineer will stay current with the latest application security threats, vulnerabilities, and best practices to continuously improve processes and technologies.
⚡ Requirements
- A bachelor's degree in Computer Science, Information Assurance, Cyber Security, or a related field is required.
- Candidates should have over 7 years of experience in a security engineering or operations role, specifically focusing on application security.
- Extensive hands-on experience with security tools such as Burp Suite, SonarQube, OWASP ZAP, and Checkmarx is essential.
- A strong understanding of applied cryptography, TLS/SSL, and web authentication protocols like OAuth/SAML is necessary.
- Proficiency in scripting languages such as Python, Perl, PHP, or Ruby for task automation and data manipulation is expected.
- Experience in developing threat models and familiarity with AWS security best practices is important.
- Relevant industry certifications such as CISSP or CSSLP are considered a plus.