Familiar with the SDLC; proficient in reading and writing English.
Responsibilities:
1. Security Best Practices:
o Develop and maintain secure coding practices and standards.
o Conduct security testing and code reviews to identify vulnerabilities.
o Ensure compliance with security standards and regulations.
2. Code Security Analysis and Remediation:
o Assist development teams in analyzing security findings from static code analysis, dynamic scans, and penetration tests.
o Collaborate with developers to prioritize and address identified vulnerabilities.
o Provide clear remediation guidance, including code examples and best practices.
o Promote secure coding patterns and educate teams on secure coding principles.
3. Collaboration and Communication:
o Work closely with development teams, operations, and other stakeholders.
o Communicate security findings and recommendations effectively to technical and non-technical audiences.
4. Secure Code Integration:
o Collaborate with software developers to incorporate secure coding practices.
o Automate security processes to ensure seamless integration into the development workflow.
o Implement and maintain security tools and practices within the CI/CD pipeline.
Qualifications:
• Education: Bachelor’s degree in Computer Science, Information Security, or related field.
• Certifications: Relevant certifications such as CISSP, CISA, OSCP are preferred.
• Experience:
o Ability to conduct SAST and provide remediation suggestions for the findings and common vulnerabilities.
o Familiarity with security tools and automation, and experience in SAST/DAST and code review.
o Good communication skills to work across teams and to convince and drive closure of security findings.
o Proven experience in Application Security with SDLC, DevSecOps, threat modeling, and security review is preferred.
o Knowledge of other cybersecurity domains, such as data security and cloud security, is a big plus.