Applications Security Specialist - Remote

Overview

In this role, you will work closely with developers, engineers, and security professionals to ensure our applications are built with security in mind. Your primary focus will be on identifying, analyzing, and mitigating potential vulnerabilities in our software applications. You will serve as a primary liaison between security and the development teams.

Responsibilities

• Conduct code scanning and analysis to identify vulnerabilities in the application code.
• Conduct threat modeling sessions with developers to anticipate and address potential security risks during the application development process.
• Review code for security flaws and provide actionable feedback to development teams.
• Collaborate with developers to integrate secure coding practices into the software development lifecycle.
• Assist in the creation and maintenance of security documentation, policies, and procedures.
• Meeting regularly with Development teams to address compliance, SDLC, and OWASP standards.
• Stay updated on the latest security trends, threats, and compliance requirements to proactively protect applications.
• Work with the teams to document the scan results and follow up with corrective action plans designed by Engineers and Architects.
• Reviewing the output from security scanning tools and creating remediation plans with the development team.
• Understand the Application Security Verification Standard and communicating it with development teams to ensure compliance.
• Reviewing ASVS compliance with dev teams.
• Lead a vulnerability review and remediation planning, architectural review, and complete a threat model.
• Administration of security tools.
• Review architectural diagrams for vulnerabilities.
• Review data-flow diagrams for vulnerabilities.

Qualifications

Academic and Professional Qualifications:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field or equivalent/years of experience preferred.

Experience:

• 8-10 years Software design and development preferred.
• 8+ years Working with code scanning tools (e.g., SAST, DAST, SCA) preferred.
• 8+ years Security concepts and SDL practices preferred.
• 8+ years Security frameworks, standards, and regulations (e.g., OWASP Top 10/ASVS, NIST, GDPR) preferred.
• 8+ years Secure coding practices and common vulnerabilities (e.g., SQL injection, XSS, CSRF) preferred.

Travel Requirements:

• Up to 10% travel may be

Working Arrangements:

• Work is performed in a remote office environment with minimal exposure to health or safety hazards.