Application Security Expert:- 

Duties/Responsibilities:- 

• Provide security guidance on new products and technologies.
• Conduct threat modeling and risk assessments to identify and mitigate potential security risks.
• Support the implementation of secure development practices and standards.
• Oversee regular security assessments and manage the product security pipeline to identify and address vulnerabilities.
• Respond to security incidents related to products and coordinate with relevant teams to mitigate impacts.
• Integrate and manage security tools and processes to automate security testing and monitoring.
• Maintain internal documentation and ensure adherence to security standards and best practices
• Create and maintain Secure Development policies.
• Track and prioritize all security issues
• Work closely with developers to integrate security into the software development lifecycle.
• Provide training and raise awareness about security best practices among development teams.
• Support responses for security questionnaires and audits.

Minimum Qualifications

• 5+ years of proven experience in application security & secure development
• Strong foundations in software engineering
• Experience or working knowledge of modern development, test, and deployment models
• Demonstrate expertise in application security domain and architecture design
• Understanding of application security in context of SDLC and CI-CD
• Understanding of OWASP MASVS and ASVS
• In-depth knowledge of cloud-native ecosystem
• Working knowledge on exploiting and fixing application vulnerabilities
• Proficient in one or more programming languages
• Strong background in threat modeling
• Familiarity with industry standard secure design models
• In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10)
• Familiarity with automated dynamic scanners and proxy tools
• An analytical mind for problem solving, abstract thought, and offensive security tactics
• Ability to articulate complex issues to executives, product owners, and other developers
• Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences