Application Security Lead | Offshore

Responsibilities

• Shift left” security efforts to build security into the software development lifecycle:

• Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities

• Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning

• Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines

• Partner with Platform DevOps to help design secure-by-default architectures and workflows

• Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices

• Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated.

• Maintain application asset inventory.

• Lead the Security Champions Program to build security-minded culture amongst developers and IT Operations teams.

• Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security.

• Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities.

• Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.
  

PROFILE

• Bachelor's degree in Computer Science, Information Security, or related professional experience.

• Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments.

• Experience performing secure code reviews and interpreting SAST/SCA/DAST results.

• Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions.

• Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk.

• In-depth understanding of vulnerabilities and secure coding practices.

• Hands-on experience with security tools like Snyk, Veracode, Burpsuite or similar.

• Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes).

• Proficiency in programming languages like Python, Java, or C# is preferred.

• Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle.

• Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface.

• Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision.

• Demonstrated success in partnering with developers to integrate security.