- Lead the application security program and define security standards, policies, and best practices.
- Perform security architecture assessments, threat modeling, and design reviews for new and existing applications.
- Conduct secure code reviews, penetration testing, vulnerability scanning, and analysis of security findings.
- Collaborate closely with development, DevOps, QA, and product teams to integrate security into the SDLC.
- Manage and prioritize remediation of vulnerabilities and guide engineering teams on mitigation strategies.
- Drive implementation of security automation and tooling across CI/CD pipelines.
- Evaluate and integrate third-party security technologies and frameworks.
- Prepare security documentation, risk assessments, and executive-level reporting.
- Train internal teams on secure coding practices and application security awareness.
- Ensure compliance with security and regulatory requirements such as NIST, ISO, FedRAMP, or similar frameworks.

- 12+ years of IT experience, with at least 7 years in application security.
- Strong hands-on experience with security testing tools such as SAST, DAST, IAST, and SCA (examples: Veracode, Checkmarx, Fortify, Burp Suite, OWASP ZAP).
- Deep knowledge of the OWASP Top 10, secure SDLC, threat modeling, and secure architecture principles.
- Experience with security controls in cloud environments such as AWS, Azure, or GCP.
- Strong background in DevSecOps, CI/CD pipelines, and automation.
- Proficiency with programming languages such as Java, .NET, Python, JavaScript, or similar for code review.
- Experience with API and microservices security.
- Familiarity with regulatory standards and compliance frameworks.
- Excellent communication and stakeholder management skills.
- Preferred certifications: CISSP, CSSLP, CEH, OSCP, or GWAPT.