Develop a broad and deep technical understanding of products, services and architectures.
Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
Work with developers to refine security checkpoints in the development cycle that are based on industry-accepted security standards, and represent the Security Platform at various stages of the SDLC.
Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
Research and maintain proficiency in attacker tools, techniques and procedures and other security topics.
Propose and develop training materials to help raise the security bar across the organization.
Develop innovative and scalable tools, solutions, and processes to enhance product security operations.
B.S. Computer Science or similar combination of education and experience
Deep software development experience (Java, iOS and Android APIs, Web, Python)
Good communication skills
Have an excellent working knowledge of, and the ability to educate others on, common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
Have experience in web, database, information and/or infrastructure security
Know and love learning about the latest security tools, infrastructure, and industry best practices
Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc.
Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
Experience with deploying and securing SaaS applications and cloud environments at scale
Working experience with CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices
Coordinating bug bounty (VRP) programs and assisting with remediation
Experience
6-8+ years of experience in web application security, SSDLC, Threat Modeling
Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
Passion for understanding and researching vulnerabilities and exploitation techniques
Knowledge of development and integration tools and technologies (e.g. CI/CD)
Knowledge of test automation frameworks and how they can be brought to bear for security QE
Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
Ability to work in a self-directed environment that is highly collaborative and cross-functional
Educate application developers to enhance the quality of security in their code
Programming experience with Java web applications and Python
Knowledgeable regarding backend security topics such as secret management and service authentication
Perform penetration tests and coordinate third-party vendor penetration tests
Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations