Job Description

Responsibilities

Shift left" security efforts to build security into the software development lifecycle: Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines Partner with Platform DevOps to help design secure-by-default architectures and workflows Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated. Maintain application asset inventory. Lead the Security Champions Program to build security-minded culture amongst developers and IT Operations teams. Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security. Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities. Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.

PROFILE

Bachelor's degree in Computer Science, Information Security, or related professional experience. Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments. Experience performing secure code reviews and interpreting SAST/SCA/DAST results. Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions. Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk. In-depth understanding of vulnerabilities and secure coding practices. Hands-on experience with security tools like Snyk, Veracode, Burpsuite or similar. Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes). Proficiency in programming languages like Python, Java, or C# is preferred. Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle. Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface. Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision. * Demonstrated success in partnering with developers to integrate security.