Performing security architecture reviews of applications in design and production phases
Identifying security recommendations, potential threats and attacks against application systems through threat modeling and vulnerability assessment
Conducting assessments of applications and platforms (web, cloud, mobile) using a range of manual and automated source code review techniques
Integrating application security tools and processes into automated pipelines
Working with clients to analyze, evaluate, and enhance the effectiveness of their application / platform / product security posture at procedural and technological levels from design to deployment
Participating in market-facing activities; using current technology and tools to enhance the effectiveness of deliverables and services; playing an active role in counseling and mentoring junior cybersecurity team members
Resolving and reviewing resolution of security vulnerabilities as needed
Improving secure coding practices, application security requirements, automation, training and metrics
Maintaining an active understanding of industry practices for secure software development
Working with application development teams to refactor or create security solutions
Monitoring, logging and site reliability
Experience and skills:
Experience in performing application security vulnerability assessments using either manual penetration testing and source code review techniques or automated commercial SAST/DAST/IAST/SCA/OSA tools
Experience in performing security architecture/threat modeling
Experience in evaluating clients' application security programs, developing key elements of those programs as part of the enhancement process, and developing internal vulnerability assessment and management processes
Ability to learn and adapt in order to integrate application security into different CI/CD systems and apply automation as needed
Minimum 2 years of experience working in Agile development, application security, or DevOps role, with experience in the following technologies:
Containers (Docker, Kubernetes, etc.)
Infrastructure as code (Chef, Terraform, etc.)
Continuous integration (Jenkins, etc.)
Integration of security testing tools into the pipeline