Job responsibilities:
• Leading the designing and implementing of automated security tools throughout the product pipeline
• Partnering with product team to drive shift-left security strategy preventing vulnerabilities in products early in development phase in the SDLC
• Perform threat modeling and risk assessments to identify potential vulnerabilities and develop mitigation strategies
• Conduct continuous application security testing, guide security champions and dev team and coordinate remediation efforts
• Responsible for analyzing security of applications and services, identifying risks and compliance gaps, continuously seeking to improve compliance with established standards
• High level understanding of application and network zero-trust journey
• Advancing a culture of security by creating and sharing the vision through presentations, effective influence, and leveraging management support as needed.
Required qualifications, capabilities, and skills
• 9 to 10 years of relevant experience in Application and cloud security with secure SDLC working with distributed enterprise applications.
• In-depth knowledge of security controls and testing techniques for each phase of the SDLC, including planning, design, development, testing, and deployment
• Establishing vulnerability triage meetings with development teams to guide remediation of SAST, SCA, DAST, IAST vulnerabilities
• Extensive knowledge of threat modeling methodologies and experience conducting threat modeling exercises for applications
• Knowledge of core application security principles, common security vulnerability classes, their root causes and mitigations
• Proven knowledge of designing and implementing AWS cloud security controls, and services
• Build security metrics to track the effectiveness of our security excellence programs
