Posted: 3 months ago
Work from Office
Full Time
What are we looking for?

We are looking for a highly skilled and motivated Application Security Specialist to join our team. The ideal candidate will have expertise in application security, a passion for finding and mitigating vulnerabilities, and the ability to work in a collaborative environment to ensure the security of our software applications. The candidate should have strong problem-solving skills, a keen eye for detail, and the ability to communicate effectively with cross-functional teams.

Key Attributes:
- Strong knowledge of application security principles, methodologies, and best practices.
- Hands-on experience with security testing tools and techniques.
- Experience with secure software development practices (SDLC) and vulnerability management.
- Knowledge of how web applications and APIs function.
- Ability to conduct threat modelling and risk assessments.
- In-depth understanding of modern programming languages and web technologies.
- Strong communication skills to convey technical security risks to non-technical stakeholders.

What does the job entail?

As an Application Security Specialist, you will be responsible for ensuring the security of our applications throughout their development lifecycle. Your duties will include:

Security Assurance and Assessments:
- Ensuring that security standards are implemented throughout the software development lifecycle (SDLC), including in design, development, testing, and deployment.
- Preparing best practices for API security, and assessing system compliance against them.
- Guiding teams in implementing secure authentication, authorization, data protection, and other security measures.
- Performing regular security assessments, including static and dynamic analysis, penetration testing, and code reviews.

Vulnerability Management:
- Track, analyze, and report vulnerabilities found during security assessments.
- Provide remediation guidance and prioritize risks based on business impact.
- Collaborate with development teams to ensure remediation in a timely manner.

Security Best Practices:
- Develop, maintain, and enforce security guidelines, processes, and policies related to secure application development.
- Ensure compliance with industry security standards such as OWASP Top 10, etc.

Technology Risk Assessment:
- Conducting vulnerability assessments to identify risks in both existing and new applications.
- Identifying potential attack vectors and providing mitigation strategies.

Collaboration with Cross-Functional Teams:
- Working closely with Infosec, IT teams and external partners/vendors to ensure security is considered at every stage of application development.
- Reviewing and analyzing the security posture of third-party services and vendors.

Education:
Bachelor's degree in any engineering practice. Other certifications in application security such as below are
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- GIAC Web Application Penetration Tester (GWAPT)
- (ISC)² Certified Information Systems Security Professional (CISSP)
- ISACA Certified Information Security Manager (CISM)

Work exp:
- Minimum of 6-8 years of experience in application security or a related field.
- Strong experience in application security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify).
- Proven experience in secure software development practices and conducting risk assessments and threat modelling.
- Experience working with web and mobile application security, as well as cloud-based services (AWS, Azure, etc.).
- Familiarity with common vulnerabilities (e.g., SQL injection, XSS, CSRF) and knowledge of frameworks like OWASP Top 10.
- Hands-on experience in penetration testing and vulnerability scanning.

Preferred:
- Knowledge of cloud-native security practices and containers (Docker, Kubernetes) and API Security.
- Familiarity with DevSecOps practices.
- Experience in working with agile development teams.
HDFC Life
Navi Mumbai, Thane, Mumbai (All Areas)
0.5 - 3.0 Lacs P.A.