Posted: 3 months ago
Work from Office
Full Time
Job responsibilities
- Lead application security efforts to ensure that security is integrated throughout the SDLC (Software Development Life Cycle) in alignment with industry best practices.
- Manage and configure Cloudflare, Akamai, and AWS Web Application Firewalls (WAFs) to protect web applications from common threats (e.g., SQL injection, XSS) and ensure optimal performance and security.
- Perform static and dynamic application security assessments, including manual penetration testing, vulnerability scanning, and security code reviews.
- Conduct threat modelling to identify potential security risks and vulnerabilities in the application architecture and codebase.
- Collaborate with development teams to identify, prioritize, and mitigate security vulnerabilities in the code and environment.
- Integrate security tools (e.g., SAST, DAST, IAST) into the CI/CD pipeline to automate security testing.
- Provide expertise and guidance on secure coding practices to developers and ensure adherence to security standards and frameworks (e.g., OWASP, NIST).
- Develop and implement security policies and procedures for the secure design, development, and deployment of applications.
- Perform regular security audits and assessments to identify vulnerabilities and recommend improvements.
- Lead incident response activities for application-related security breaches, including analysis, remediation, and post-incident reporting.
- Advocate for security within the organization by conducting security awareness training and fostering a security-first culture.
- Stay up to date with the latest security trends, vulnerabilities, and exploits, and communicate findings to relevant stakeholders.

Skills
- Proficient in application security assessments, including code reviews, penetration testing, and vulnerability scanning tools (e.g., Burp Suite).
- In-depth knowledge of secure coding practices and the ability to guide development teams in writing secure code (e.g., OWASP Top 10).
- Strong experience with configuring, managing, and tuning Web Application Firewalls (WAFs) to protect against common web application attacks such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
- Strong experience in conducting manual penetration testing of web applications, APIs, and mobile applications.
- Familiarity with industry security frameworks and standards (e.g., OWASP, NIST, ISO 27001, PCI DSS).
- Experience integrating security into the CI/CD pipeline and working with automation tools (e.g., Jenkins, GitLab CI) to ensure continuous security testing.
- Ability to perform and communicate threat modelling exercises to identify potential security risks and propose solutions.
- Knowledge of securing cloud-based applications and environments (AWS, Azure, GCP) and understanding of cloud security best practices.
- Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automating security testing and reporting tasks.
- Knowledge of application-related incident response processes, including root cause analysis, remediation, and post-incident reporting.
- Relevant certifications such as CEH, OSCP, or AWS Certified Security Specialty are preferred.

Qualifications
- 6+ years of experience in vulnerability program management and penetration testing.
- Prior experience as a team lead or in a role mentoring junior team members.
- AWS, CEH, OSCP, AWS Certified Security Specialty or CISSP Certifications preferred.
Real Time Data Services
IT Services and IT Consulting
501-1000 Employees
20 Jobs
9.0 - 19.0 Lacs P.A.