Key Responsibilities: Conduct threat modeling, code reviews, and security assessments of applications and products. Perform vulnerability analysis and collaborate with development teams to remediate issues. Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines. Develop and enforce security policies, guidelines, and standards. Conduct risk assessments for new features, technologies, and vendors. Stay updated on emerging threats, vulnerabilities, and industry best practices. Support incident response efforts and post-mortem analysis when required. Required Skills & Qualifications: 48 years of experience in cybersecurity or product/application security. Strong understanding of OWASP Top 10, secure coding principles, and SDLC. Hands-on experience with static and dynamic analysis tools (e.g., Checkmarx, Veracode, Burp Suite). Familiarity with cloud platforms (AWS, Azure, or GCP) and securing cloud-native applications. Experience with scripting (Python, Bash, etc.) for automation and tooling. Good understanding of authentication/authorization protocols (OAuth, SAML, etc.). Bachelor’s degree in Computer Science, Information Security, or related field. Nice-to-Have (Preferred): Certifications like CEH, OSCP, CISSP, or AWS Security Specialty. Experience with containers and Kubernetes security. Knowledge of threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK). Exposure to DevSecOps practices.
