The purpose of this role is to ensure the security and safety of software applications by identifying potential threats and vulnerabilities and developing strategies to mitigate them. The role serves as a bridge between security and development, ensuring that applications are designed, developed, and deployed securely.
Key Responsibilities:
- Collaborating with Developers and Operations Teams to ensure that security is integrated into every stage of the software development lifecycle (SDLC). This involves guiding developers on secure coding practices, participating in code reviews to identify potential vulnerabilities, and advising on remediation strategies.
- Collaborating with operations teams to ensure that security measures are effectively implemented in production environments, and helping to design and implement secure network architectures.
- Security Reviews and Threat Modelling - conducting security reviews to evaluate applications for potential vulnerabilities and non-compliance with security standards. Understanding the application's architecture, identifying potential attack vectors, and devising strategies to mitigate these threats.
- Integrating Security Tools and Processes into the DevOps pipeline. This involves automating security checks and scans (such as static and dynamic analysis) so that vulnerabilities are identified, and can be fixed, early in the development process rather than after release.
- Responding to Security Incidents - in the event of a security incident or breach, assisting in the response and recovery process. This involves investigating the incident, identifying the root cause, and implementing measures to prevent similar incidents in the future.
- Training and Awareness - raising awareness about application security within the Company. This involves conducting training sessions for developers and other IT professionals on secure coding practices, security standards, and the latest security threats and countermeasures.
- Fostering a culture of security within the Company, promoting the importance of security, encouraging the adoption of secure practices, and ensuring that security is considered at every level of the organisation.
Technical Skills:
- Proficiency in multiple programming languages, including Java, C#, Python, and Ruby.
- Knowledge of secure coding practices, including input validation, output encoding, and proper error handling.
- Familiarity with security frameworks and standards such as the OWASP Top 10, the CWE Top 25, and ISO 27001.
- Understanding of web application architecture, including server, client, and database interactions.
- Proficiency with security tools and technologies, including static analysis tools, dynamic analysis tools, and penetration testing tools.
Qualifications, Skills and Experience:
- A Bachelor's degree in Computer Science or Information Security.
- 5 years' experience in a similar application security role.
- 5 years of development experience, with proficiency in C#, Java, and Python.
- Relevant information security certifications (e.g. CEH, OSCP, OSCE, LPT).
- Knowledge and experience of international information security standards and personal data protection standards, such as the ISO/IEC 27000 series, NIST, PCI DSS, and GDPR, are preferred.
- Experience in CTF or bug bounty programs, knowledge of DevSecOps practices and tools, and experience in web or mobile app development is a plus.