Plan the application security roadmap to improve the way application security is practiced in the organization.
Develop secure application development practices, standards, guidelines, and solutions to raise the application security practices of our application teams.
Maintain various application security processes and automated source code scanning platforms in the organization.
Support various types of application testing and delivery (e.g. CI/CD) within the organization.
Train and up-skill developers in secure coding on various programming platforms such as Java, C#, PHP, etc., and in writing security acceptance criteria in user stories.
Train the applications team to write security unit tests and perform secure coding assessments
Work with the DevOps team to improve security in the CI/CD pipeline
Requirements & Skills:
At least 3-5 years combined work experience in software development, application security and cloud computing (e.g. Azure, AWS)
Background in Computer Science or related field required
Experience in conducting manual secure source code review in at least one of the following programming platforms in both waterfall and Agile approaches: Java, PHP, JavaScript, C#, Android, iOS
Experience in threat modelling and ability to establish threat profiles for application projects to identify, quantify, and remediate application security risks.
Experience working with mobile and web application programming interfaces (API) architecture (e.g. REST, SOAP, SSL/TLS)
Demonstrated knowledge of industry security best practices such as the OWASP Top 10 and the OWASP Application Security Verification Standard
Experience using SAST code scanning tools such as Checkmarx, SonarQube, etc.
Familiar with the Agile development process, CI/CD, DevOps concepts and tools (Git, GitLab, GitHub, Jenkins, Ansible, etc.) and how automated security testing can be incorporated into CI/CD pipelines
Collaborate extensively with various teams (application, networking, infrastructure) to maintain, establish and deliver application security services for the organization
Good verbal/written communication skills and experience interacting with various stakeholders
Strong interest and passion for the field of application security.
Strong problem-solving and troubleshooting skills.
Self-reliant with an analytical and creative mind.