Perform manual and automated scanning and security analysis of the company's platform including identifying threats, vulnerabilities, and risks to the business
Work with development teams throughout the entire SDLC to ensure code is secure by design, secure by default, and secure in deployment.
Create and maintain a vulnerability management program that will ensure the timely identification, reporting and remediation of application vulnerabilities
Proactively identify, triage and address security flaws, threats, and vulnerabilities
Other Job Duties
Other duties as assigned by supervisor or company leader.
Travel up to 10%, including overnight travel
Required Education, Experience, Certifications and Skills
8+ years of application security experience
Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience
Experience with attack and mitigation methods, Web application and browser security, security assessments and penetration testing
Solid understanding of common web application technologies, languages, and frameworks
Thorough knowledge of common software vulnerabilities and a strong understanding of methods to identify and remediate vulnerabilities
Experience with at least one high-level language (e.g., Python, Ruby)
Knowledge of secure coding principles and best practices for web applications
Experience with commercial and open-source web application testing tools for SAST, DAST, IAST, and RASP, and analysis tools
Experience with multiple programming languages (such as .NET, Python)
Experience performing automated and manual vulnerability assessments of web applications based on methodologies such as OWASP and WASC
Knowledge of authentication and access control, security monitoring and intrusion detection, data encryption, and cryptography techniques
Experience securing public cloud environments such as Amazon AWS, GCP or Microsoft Azure
Ability to scale security within the SDLC through automation