Job
Description
Role Overview: As an Application Security Specialist at Coredge.io, you will be responsible for embedding security into the development lifecycle of cutting-edge cloud-native and edge computing applications. You will collaborate with cross-functional teams to ensure secure design, development, and deployment of software products. Key Responsibilities: · Lead the design and implementation of secure software development lifecycle (SSDLC) practices across product teams. · Conduct threat modelling and secure code reviews for applications built on Coredge platforms. · Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using DevSecOps practices and have a strong understanding of secure GitHub, Docker Hub etc. · Collaborate with developers to remediate vulnerabilities and promote secure coding. · Perform penetration testing and vulnerability assessments on web, mobile, and microservices-based applications. · Define and enforce application security policies aligned with Coredge’s product architecture. · Monitor emerging threats and recommend proactive security measures. · Lead incident response for application-level security breaches. · Collaborate with product managers and architects to ensure security requirements are embedded in product design. · Conduct regular security training and awareness sessions for developers and QA teams. · Evaluate and implement new security tools and technologies to enhance application security posture. · Maintain a vulnerability management program for applications, including tracking, reporting, and remediation. · Work with legal and compliance teams to ensure applications meet regulatory requirements (e.g., GDPR, HIPAA, DPDP). · Participate in bug bounty programs and coordinate with external researchers to validate and remediate findings. · Develop and maintain security dashboards and metrics to report on application security health. · Contribute to open-source security initiatives and represent Coredge.io in industry forums. Preferred Qualifications: · Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. · 8–10 years of experience in application security, software development, or penetration testing. · Strong understanding of OWASP Top 10, SANS CWE Top 25, and secure coding practices. · Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation). · Hands-on experience with tools like SonarQube, Trivy, Burp Suite, Checkmarx, Veracode, Kali Linux and GitLab CI/CD. · Proficiency in languages such as Java, Python, Go, or JavaScript. · Experience with DevSecOps and integrating security into Agile/DevOps workflows. · Knowledge of regulatory and compliance standards (e.g., PCI-DSS, HIPAA, GDPR). · Mandatory Certifications such as CEH, OSCP, or GWAPT are highly desirable (Any two of them). Show more Show less
