Bachelor's Degree or 7 years of developer experience with 3 years in application security required.
Minimum of 5 years in Software Development.
Expert knowledge of Azure security services and familiarity with CI/CD processes.
Strong working knowledge of programming languages such as Java, C++, C#, or Python.
Requirements:
Design, define, and implement security requirements and processes for cloud-based applications.
Implement and enforce Application Security tools and coordinate security initiatives across teams.
Perform threat modeling and technical design reviews to enhance product security.
Educate developers on application security best practices and assist in developing security checklists.
Job description
About the Job
Featured
We are looking for a technical subject matter expert who can show developers how they can secure their traditional cloud and cloud native applications. This person will design, define, and implement security requirements, controls, and processes to properly secure our cloud-based applications. This person will be responsible for and driving the βSECβ in our DevSecOps process and evangelizing itβs benefits and outcomes.
Core Responsibilities
Work independently and collaboratively with various teams.
Implement, onboard, and enforce Application Security tools (SAST, SCA, IaC, DAST and IAST), including cloud-based CI/CD Pipelines.
Coordinate software security initiatives with various teams.
Manual and tool-based vulnerability management of priority issues.
Perform threat modeling and technical design reviews of sensitive features, highlight risk, and help developers improve the overall security of our products.
Define, develop and automate the deployment or our Azure security tools and services.
Partner with application teams to implement application security standards, patterns and guidelines.
Assist in developing Source Code Review and application security checklists.
Advise developers on how to implement security into DevSecOps CI/CD pipelines
Partner with Infrastructure teams to implement technical security standards, patterns, and guidelines for server and serverless based platforms.
Educate developers in application security best practices and least privilege principles.
Required Skills
Must have expert Knowledge of Azure security services (Azure Security Center / Azure Sentinel)
Mid-level knowledge of tools such as Terraform, Kubernetes, Jenkins, Azure DevOps
Current experience in security testing, assessment, and methodologies (including browser-based, API, CI/CD pipeline, and Mobile)
Strong working knowledge of at least two programming or scripting languages, preferably Java. Having C++, C#, or Python, and mastery of object-oriented design and programming helpful.
Current experience in threat modeling, and technical design reviews.
Current experience using in at least 1 AppSec (SAST, DAST, IAST) tool sets.
Strong scripting skills in at least one language, preferably Python.
Strong Knowledge of CI/CD processes
Familiarity with manual and automated vulnerability management and resolution across multiple teams.
Familiarity with securing cloud-based resources, including containers, Apps services v3, and other PaaS services in Azure.
Knowledge of configuration and information management analysis, such ask XML, JSON, etc..
Strong understanding of security principles, policies, and industry best practices.
Familiarity of various compliance frameworks (HIPAA, PCI DSS, NIST, etc.).
Familiarity with Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), Application Security Verification Standard (ASVS), National Institute of Standards and Technology (NIST) Special Publications.
Qualifications
Bachelor's Degree or 7 years developer experience with 3 years of application security or equivalent required
Minimum of 5 years in Software Development
Minimum of 3 years' experience supporting security in CI/CD pipelines
