Job
Description
Skills: Expertise in application security frameworks and best practices, including OWASP, secure coding standards, and threat modelling. Proficiency in security assessment tools and techniques, including static and dynamic analysis, penetration testing, and code review. Strong understanding of secure software development life cycle (SDLC) processes and methodologies. Knowledge of common security vulnerabilities and how to mitigate them, including SQL injection, XSS, CSRF, and other application-layer attacks. Familiarity with authentication and authorization mechanisms, such as OAuth, SAML, JWT, and other identity management protocols. Experience with secure API development and web services security. Understanding of cryptography principles, including data encryption, hashing, and key management. Ability to design and implement security controls for cloud-native applications and microservices architectures. Strong problem-solving skills and the ability to work collaboratively with development teams, DevOps, and other stakeholders. Experience: 3-5 years of experience in application security or software development with a focus on security. 5 years of experience in information security or related roles. Experience in conducting security assessments and vulnerability management for applications. Scope of Work: Lead the design and implementation of secure software architectures for the organization's applications. Develop and enforce application security policies, procedures, and best practices. Conduct security assessments of applications, including vulnerability assessments, penetration testing, and code reviews. Collaborate with development teams to integrate security into the software development life cycle (SDLC) and ensure secure coding practices. Identify and mitigate security vulnerabilities in both new and existing applications. Provide guidance on secure design patterns, threat modelling, and risk assessment for applications. Review and approve security requirements and technical specifications for application projects. Develop and implement strategies for secure API development and integration. Work with DevOps teams to integrate security tools and practices into CI/CD pipelines. Stay current with emerging application security technologies, trends, and best practices. Educate and train development teams on application security principles and practices. Collaborate with other security teams, such as network security, OS security, and incident response, to ensure a cohesive security strategy. Develop and maintain documentation for application security controls, processes, and procedures. Participate in incident response activities related to application security breaches and vulnerabilities. Provide regular reports and metrics on application security posture and improvements.
