Roles And Responsibilities
- Implement Modern Application Security: Develop and implement robust application security practices, including secure coding guidelines, security testing, and vulnerability assessments.
- Secure SDLC Integration: Integrate security into the SDLC, collaborating with development teams to address security concerns at each phase of the software development process.
- AWS Security Expertise: Leverage AWS security services and features to enhance the security posture of our cloud-native applications and infrastructure.
- Application Security Testing: Conduct and oversee regular security assessments, including penetration testing, code reviews, and vulnerability scanning, to identify and address potential security risks.
- Incident Response: Assist in incident response activities, investigating and mitigating security incidents related to applications.
- Security Training and Awareness: Provide security training and awareness to development teams, promoting a security-first culture.
- Continuous Improvement: Stay up to date with the latest security threats, trends, and best practices, and drive continuous improvement initiatives within the application security domain.
- Bachelor's or Master's degree in Computer Science, Information Security, or related field.
- 6+ years of professional experience in application security, with a strong focus on modern application security practices.
- In-depth knowledge of secure coding practices, OWASP Top 10, and common application security vulnerabilities.
- Proficiency in security tools, including static analysis tools, dynamic analysis tools, and open-source security testing frameworks.
- Hands-on experience with AWS services and security features, including IAM, WAF, and KMS.
- Familiarity with DevSecOps principles and integrating security into CI/CD pipelines.
- Experience in conducting security assessments and penetration testing of applications.
- Strong understanding of software development methodologies and the SDLC.
- Security certifications such as CISSP, CSSLP, or CEH are a plus.
- Excellent communication and collaboration skills, with the ability to work effectively in a team-oriented environment.