Offer summary

Qualifications:

Bachelor's Degree or 7 years of developer experience with 3 years in application security., Minimum of 5 years in software development., Minimum of 3 years supporting security in CI/CD pipelines., Expert knowledge of Azure security services and experience with security testing and assessment..

Key responsibilities:

Design, define, and implement security requirements and controls for cloud applications.

Implement and enforce application security tools within CI/CD pipelines.

Coordinate security initiatives and perform vulnerability management.

Educate developers on application security best practices.

Job description

About the Job
Featured
We are looking for a technical subject matter expert who can show developers how they can secure their traditional cloud and cloud native applications. This person will design, define, and implement security requirements, controls, and processes to properly secure our cloudbased applications. This person will be responsible for and driving the “SEC” in our DevSecOps process and evangelizing it’s benefits and outcomes.
Core Responsibilities
Work independently and collaboratively with various teams.
Implement, onboard, and enforce Application Security tools (SAST, SCA, IaC, DAST and IAST), including cloudbased CICD Pipelines.
Coordinate software security initiatives with various teams.
Manual and toolbased vulnerability management of priority issues.
Perform threat modeling and technical design reviews of sensitive features, highlight risk, and help developers improve the overall security of our products.
Define, develop and automate the deployment or our Azure security tools and services.
Partner with application teams to implement application security standards, patterns and guidelines.
Assist in developing Source Code Review and application security checklists.
Advise developers on how to implement security into DevSecOps CICD pipelines
Partner with Infrastructure teams to implement technical security standards, patterns, and guidelines for server and serverless based platforms.
Educate developers in application security best practices and least privilege principles.
Required Skills
Must have expert Knowledge of Azure security services (Azure Security Center Azure Sentinel)
Midlevel knowledge of tools such as Terraform, Kubernetes, Jenkins, Azure DevOps
Current experience in security testing, assessment, and methodologies (including browserbased, API, CICD pipeline, and Mobile)
Strong working knowledge of at least two programming or scripting languages, preferably Java. Having C++, C#, or Python, and mastery of objectoriented design and programming helpful.
Current experience in threat modeling, and technical design reviews.
Current experience using in at least 1 AppSec (SAST, DAST, IAST) tool sets.
Strong scripting skills in at least one language, preferably Python.
Strong Knowledge of CICD processes
Familiarity with manual and automated vulnerability management and resolution across multiple teams.
Familiarity with securing cloudbased resources, including containers, Apps services v3, and other PaaS services in Azure.
Knowledge of configuration and information management analysis, such ask XML, JSON, etc..
Strong understanding of security principles, policies, and industry best practices.
Familiarity of various compliance frameworks (HIPAA, PCI DSS, NIST, etc.).
Familiarity with Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), Application Security Verification Standard (ASVS), National Institute of Standards and Technology (NIST) Special Publications.
Qualifications
Bachelors Degree or 7 years developer experience with 3 years of application security or equivalent required
Minimum of 5 years in Software Development
Minimum of 3 years experience supporting security in CICD pipelines