Data Dev Lead

As an Application Security professional, you will play a crucial role in safeguarding the solutions by analyzing their design and identifying potential security threats. Your expertise in threat modeling methodologies such as STRIDE and DREAD will enable you to recommend appropriate mitigations for the identified threats. Furthermore, you will be responsible for providing Secure Software Development Lifecycle (SDL) Training, where you will communicate security concepts effectively to developers and deliver engaging training sessions. Your proficiency in manual code review techniques and familiarity with automated code analysis tools like SAST and SCA will be essential in identifying vulnerabilities and interpreting code review results. In addition, your hands-on experience with security testing tools like Burp Suite and knowledge of security testing methodologies will help you identify and exploit common web application vulnerabilities. You will also be involved in vulnerability scanning and analysis using tools such as Nessus and Qualys, where your ability to analyze scan results, filter out false positives, and prioritize remediation actions will be critical. Your technology-specific knowledge of Microsoft .NET technologies, Identity protocols like OpenID Connect and OAuth 2.0, and cloud technologies, particularly Microsoft Azure, will be beneficial in addressing security implications. A deep understanding of web security fundamentals, including HTTP, HTML, JavaScript, and databases, along with knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and web security mitigations and best practices, will be required in this role. Additionally, your basic penetration testing skills, understanding of penetration testing methodologies and tools, and ability to report findings and recommend remediation actions will be valuable assets. To excel in this role, you should stay up-to-date with the latest security trends, vulnerabilities, and mitigation strategies. Active participation in the security community to maintain current knowledge will be essential to ensure the security posture of applications remains robust. Your skills in threat modeling, penetration testing, code review, Burp Suite, OWASP, and Nessus will be instrumental in fulfilling the responsibilities of this role effectively.,