Job
Description
We are seeking a dynamic Cyber Security/Product Security Specialist to strengthen our security initiatives. This pivotal role involves championing a robust security culture, refining our secure Software Development Lifecycle (SDLC) for products, and supporting audit requirements. The specialist will collaborate closely with product teams to integrate stringent security practices, reduce vulnerabilities, and coordinate with internal and external teams, including those focused on network security. Job description Lead the integration of security practices into the product development lifecycle, ensuring adherence to secure SDLC principles. Support Code reviews, DevSecOps, and Architecture Design reviews. Perform Application security reviews like Penetration testing and code reviews on Mobile applications, APIs, and web applications using OWASP standards. Identify security loopholes in the product design by performing threat modelling. Proficient in identifying vulnerabilities, guiding remediation steps and tracking the timely closure of issues based on severity. Deploy and manage security tools integration into CI/CD pipeline. Perform SAST, DAST, and SCA scans using in-house preferred tools, review the scan results for false positives and deliver them to engineering teams. Develop, implement, and enforce tailored security policies and procedures to fortify product security. Lead product security efforts during security incident management and define post-incident product security remediation plans. Keep abreast of the latest security vulnerabilities and security trends. You might be a strong candidate if you have/are: At least 3 years of experience in the Application security domain. Hold any security certification such as OSCP, OSWE, GPEN, GWAPT, CRTP, etc Experience with web application scanning tools, including Qualys WAS, Appspider, Acutenitx, Veracode, Burp Suite, Netsparker, OWASP Zap, Checkmarx, Whitesource, Snyk or similar. Good knowledge in secure protocols, encryption standards, authentication mechanisms, etc Outstanding communication and interpersonal skills, with the ability to engage effectively with diverse stakeholders. Qualifications Cyber Security Job Responsibilities: Safeguards information system assets by identifying and solving potential and actual security problems. Protects system by defining access privileges, control structures, and resources. Recognizes problems by identifying abnormalities; reporting violations. Implements security improvements by assessing current situation; evaluating trends; anticipating requirements. Determines security violations and inefficiencies by conducting periodic audits. Keeps users informed by preparing performance reports; communicating system status. Maintains quality service by following organization standards. Maintains technical knowledge by attending educational workshops; reviewing publications. Contributes to team effort by accomplishing related results as needed. Cyber Security Qualifications / Skills: System administration Network security Problem solving Information security policies Network protocols Education, Experience, and Licensing Requirements: Bachelors degree in Computer Science, Information Systems, or equivalent education or work experience 4+ years of prior relevant experience Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification are a value add Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth and common security elements. Experience with vulnerability scanning solutions Familiarity with the DOD Information Assurance Vulnerability Management program. Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security Experience developing and deploying signatures will be added advantage (e.g. YARA, Snort, Suricata, HIPS) Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic
