Key skills
AWSAzureCloudCyber SecurityKubernetesMicroservicesSDLCCI/CDCommunicationCheckmarxOWASPPenetration Testing
About this role
Role Overview
- Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations.
- Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities.
- Define, maintain, and enforce secure coding standards, patterns, and best practices.
- Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.
- Support secure architecture reviews for cloud‑native applications, microservices, and containerized workloads.
- Support threat modeling, risk assessments, and security architecture reviews for applications.
- Ensure that all security practices meet regulatory and compliance requirements.
- Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices.
- Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).
- Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses.
- Monitor and respond to application security threats, incidents and vulnerabilities.
- Stay up to date on regulatory developments and industry trends.
- Manage and maintain third-party vendor and consultant relationships.
- Perform other duties as assigned.
Requirements
- Bachelor’s degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity)
- 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps
- Demonstrated experience building and scaling an application security program, either as the lead or a key contributor
- Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies
- Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP
- Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews
- Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls
- Familiarity with Kubernetes security, container hardening, and runtime protection
- Strong communication skills with the ability to collaborate and influence across technical and non-technical teams.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Kubernetes
- Microservices
- SDLC
Benefits
- Paid time off plus paid holidays
- Medical/dental/vision insurance plan
- Life insurance, short/long term disability, tuition reimbursement, flex spending, and employee stock purchase plan
- 401K plan