Application Security Specialist

• Provide expert security advisory with the goal to built-in security”
• Support projects by reviewing planned IT architectures and performing threat analysis to identify potential risks for IT and business environments at an early stage
• Derive Security Requirements gathering as part of requirements gathering for software development.
• Perform Threat Modeling,
• Define Security Measures with the project & create / further develop the Security Profile for the software.
• Advise to find counter measures for identification, containment and elimination of impacts.
• Prioritize remediation based on Threat Model and Security Requirements as well assist the development team in remediation.
• Provide advisories as well as contribute in the implementation of DevSecOps from Application Security perspective.
• Ensure effective security testing in CI/CD which includes installation of the SAST / DAST etc. as well as integration with the pipeline.
• Security training of Product Owners and developers
• Working in close collaboration with applications- and infrastructure teams

Skill Requirements

• A strong working knowledge of Security in Software Development Lifecycle is required
• Prior experience in software development is desired
• Extensive knowledge in threat analysis methodology, Threat Modelling and Security Profile creation for application would be required.
• Ability to perform code review manually as well as with the help of the tools.
• Ability to provide low level instructions to the developers on the gap remediations.
• Working experience on industry leading SAST / DAST and Open-Source Scanning tools ex. Fortify, Coverity, App Scan etc.
• Security paradigms, -technologies and –processes e.g. STRIDE
• Standards e.g. ISO 2700x, NIST-standards
• Analytical and strategic thinking
• Intercultural experience
• Distinct customer and target orientation

Qualifications

• Bachelor’s Degree in Computer/Information Science; Information Technology; Cyber Security

Experience

• Around 5 to 10 years of experience in Cyber Security / Application Development / Application Testing with minimum of 3 years in Application Security

Certification

Industry certifications such as

• CISSP
• CSSLP etc. would be an added advantage.