Senior Specialist Cyber Security Application Security

You are a Senior Cyber Security Specialist with expertise in application security testing and a strong understanding of modern secure development practices. Your role involves conducting security assessments across agile projects and collaborating closely with development teams to identify and remediate vulnerabilities throughout the SDLC. You will be responsible for managing security assessments for multiple agile-based projects and performing application penetration testing for various types of applications including Web, API (REST/SOAP), Microservices, Thick clients, and mobile applications. You will utilize tools such as SAST, IAST, CVM, and DAST tools like Checkmarx, Contrast, Black Duck to identify vulnerabilities and provide actionable remediation guidance by eliminating false positives. Collaboration with application teams to ensure timely resolution of identified security issues is a key aspect of your role. You will also be involved in threat modeling using application artifacts such as design documents, user stories, and architecture diagrams. Additionally, creating targeted security user stories and misuse cases for agile security testing, conducting source code reviews (preferably Java or .NET), and offering specific fixes for vulnerabilities by reading and understanding application code are part of your responsibilities. Your role also involves providing clear technical writing and presentations to both technical and non-technical stakeholders. Required skills and experience include 5+ years of experience in application security and penetration testing, secure code review (Java or .NET), threat modeling, and misuse case design. A deep understanding of DevOps and CI/CD integration with security tools, strong knowledge of Java, JavaScript, Spring Boot, encryption/key management, and familiarity with ethical hacking methodologies and frameworks such as OWASP, OSSTMM, NIST, SANS, and CWE are essential. Excellent verbal and written communication skills are also required for this role.,