Key Responsibilities : Security (AppSec) : Conduct security reviews (static/dynamic analysis - SAST/DAST) of application code and designs throughout the SDLC. Perform penetration testing and vulnerability assessments of web and mobile applications. Work with development teams to remediate identified security vulnerabilities and implement secure coding best practices. Integrate security tools and processes into CI/CD pipelines Security (CloudSec) : Design, implement, and enforce security controls within our cloud environments (AWS, Azure, or GCP). Conduct cloud security assessments, configuration reviews, and identify misconfigurations. Monitor cloud security posture, analyze logs, and respond to security incidents in cloud infrastructure. Manage identity and access management (IAM) policies, network security groups, and encryption strategies in the Audits & Compliance : Assist in security audits, compliance assessments (e.g., SOC2, ISO 27001), and risk management activities. Develop and update security policies, procedures, and Response (Basic) : Participate in security incident response activities as needed, including investigation and containment. Promote security best practices and conduct security awareness training for development and operations teams. Evaluate, implement, and manage security tools and Skills & Qualifications : Experience : 3 to 7 years of hands-on experience in Information Security, with a focus on Application Security and/or Cloud Expertise : Familiarity with common web application vulnerabilities (OWASP Top 10) and mitigation techniques. Experience with SAST/DAST tools (e.g., SonarQube, Fortify, Checkmarx, Burp Suite). Understanding of secure coding principles in at least one programming language (e.g., Java, Node.js, Expertise : Hands-on experience securing resources on at least one major cloud platform (AWS, Azure, or GCP). Knowledge of cloud security services (e.g., AWS WAF, Security Hub, Azure Security Center, GCP Security Command Center). Understanding of cloud networking, identity management (IAM), and data encryption in cloud environments. Security Fundamentals : Strong understanding of fundamental security concepts (e.g., authentication, authorization, encryption, network security). Vulnerability Management : Experience with vulnerability assessment and management. Scripting : Basic scripting skills (e.g., Python, Shell) for automation of security tasks. Problem-Solving : Excellent analytical and problem-solving skills, with a proactive approach to security challenges. Communication : Strong verbal and written communication skills to explain technical security concepts to diverse audiences. Education : Bachelor's degree in Computer Science, Information Security, or a related engineering Qualifications : Relevant security certifications (e.g., OSCP, CEH, CompTIA Security+, CCSK, CCSP, AWS/Azure/GCP Security Specialty). Experience with DevSecOps practices and integrating security into CI/CD pipelines. Knowledge of container security (Docker, Kubernetes). Familiarity with compliance frameworks (e.g., GDPR, HIPAA). Experience with penetration testing methodologies and tools (ref:hirist.tech) Show more Show less