Drive the development and implementation of advanced security practices, policies, and frameworks to ensure the integrity and confidentiality of our applications.
Provide principal leadership to the application security program, helping set the strategic direction, goals, and objectives to enhance the overall security posture of our applications.
Develop and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes.
Conduct in-depth application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and remediate complex security vulnerabilities and risks.
Collaborate closely with development teams, architects, and stakeholders to provide expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls.
Define and maintain application security policies, standards, and guidelines, ensuring alignment with regulatory requirements and industry best practices.
Drive the integration of security into the CI/CD pipeline and automated security testing tools and processes to enable secure and efficient application development and deployment.
Evaluate and recommend emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency.
Lead incident response efforts for application security incidents, working with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities.
Stay current with the latest application security threats, vulnerabilities, and attack vectors, and provide strategic recommendations and guidance to mitigate emerging risks.
Serve as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups.
Requirements
Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience
10+ years of progressive experience in application security, with a focus on securing complex web and mobile applications
Extensive expertise in application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques
Strong knowledge of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS)
Proven experience conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing
Deep understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies
Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices
Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP)
Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell)
Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active participation in industry forums or associations are highly desirable.
Tech Stack
Android
AWS
Azure
Cloud
Google Cloud Platform
iOS
Java
JavaScript
Python
SDLC
.NET
Benefits
Equal employment opportunity for all employees
Work environment free of discrimination and harassment