March 19
• Implement a software assurance model designed to address security defects early in the delivery pipeline • Perform security design reviews for new features and product releases • Perform code reviews and advise developers on remediation techniques • Design controls to detect and respond to common attacks on our platform • Triage and respond to external inquiries around security vulnerabilities • Facilitate internal training on various security topics to raise awareness and interest
• Strong proficiency in at least one programming language like Java and/or NodeJS • Hands-on experience working with developers in building a software assurance model • Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level • Experience designing secure web services, APIs and microservice architectures • Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc) • Experience with application/development security tools including but not limited to: Burp Suite, Qualys/WAS (or similar), Checkmarx (or similars), Bitbucket (or similars), Jenkins, Docker, etc • Familiarity with implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline • In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks • Understanding of a complete SDLC and how to make it secured (S-SDLC) • Familiarity with Cloud platforms (AWS or equivalent) • Ability to lead people to problem resolution when it comes to Security (Integrate teams, specially Engineering Team) • Effective written and oral communication involving both business and technical sides of the business • Quickly identify issues and solve them • Ability to present technical risks to broader audience (both written and spoken)
• Flexible, remote-first dynamic culture • Travel benefits • Health benefits • Learning benefits
Apply Now