Job Requirements

Qualifications

Educational Background: Bachelor's degree in computer science, Information Technology, or a related technical area.Experience in Application Security (AppSec): 10+ years of proven experience in web, API, and mobile application security or a related role.People Management Experience: 3+ years of experience in managing cloud and application security teams.Infrastructure as Code (IaC): Familiarity with IaC and \"desired state\" concepts, including tools such as Terraform, Salt, Chef, Puppet, etc.Knowledge of Attack Vectors: Understanding of common attack vectors, including OWASP Top 10.Automation Skills: Knowledge of automating build and deployment infrastructure using Kubernetes, Docker, etc.Problem-Solving and Communication: Excellent problem-solving abilities and strong communication skills.Security Assessments and Testing: Experience in managing application security assessments, penetration testing, red team, and purple team exercises.Certifications: Certified in one or more of the following: CRISC, CISA, CISM, CISSP, SANS GIAC Security Certifications.

 

Responsibilities

Design and secure cloud apps including Infrastructure-as-Code Solutions: Lead the design, implementation, and maintenance of solutions that manage and protect cloud resources. Ensure these solutions are scalable, resilient, and secure.Secure Coding Best Practices and Training: Drive developers training and best practices for secure coding among developers to foster a security-first culture.Compliance Efforts: Lead compliance efforts necessary to keep products and services compliant, enabling business operations.Application Security Best Practices: Collaborate with development teams to promote and implement application security best practices.Consistency in Security Standards: Work closely with infrastructure and DevOps teams to ensure consistent implementation of security standards and remediation of identified security gaps.Security Reviews: Perform security reviews to ensure secure code development practices are maintained across the organization.Bug Bounty Triage and Remediation: Contribute to the bug bounty triage and remediation processes, ensuring prompt and effective resolution of security vulnerabilities.Business Acumen: Understand business dynamics, goals, and product security strategy. Recognize how security fits into the overall business.