- Lead the design, implementation, and management of web security strategies across all web platforms.
- Conduct regular security assessments, vulnerability testing, and penetration testing of web applications.
- Monitor web applications for potential threats, breaches, or suspicious activity.
- Develop and enforce security policies, standards, and best practices for web development and deployment.
- Collaborate with development, DevOps, and IT teams to ensure secure coding practices and application configurations.
- Respond to and investigate security incidents, providing root cause analysis and mitigation strategies.
- Stay updated on emerging web security threats, tools, and technologies, and integrate them into the organization's security posture.
- Provide leadership, mentorship, and guidance to junior security staff or team members.
- Ensure compliance with relevant regulations and industry standards (e.g., OWASP, PCI-DSS, GDPR).
- Minimum 12 years of experience in web security, information security, or a related field.
- Strong expertise in web application security, network security, and cloud security.
- Hands-on experience with security tools such as vulnerability scanners, WAFs, SIEM systems, and endpoint protection.
- Deep understanding of OWASP Top 10, common web vulnerabilities, and secure coding practices.
- Experience with penetration testing and incident response.
- Familiarity with regulatory requirements and security frameworks (e.g., PCI-DSS, GDPR, ISO 27001).
- Strong analytical and problem-solving skills.
- Excellent leadership, communication, and team collaboration abilities.
- Relevant certifications such as CISSP, CEH, OSCP, or equivalent are highly desirable.