Requirements

Expected technologies

Java

C#

Python

JavaScript

SonarQube

OWASP ZAP

Nessus

Invicti

AWS

Azure

Google Cloud

Our requirements

• University degree in Computer Science or similar field
• Understanding of programming languages such as Java, C#, Python, or JavaScript.
• Strong understanding of application security principles and secure coding practices.
• Strong understanding of application security principles like network security, encryption, access management and their best practices
• Experience with security tools and processes such as SAST, DAST, SCA, and vulnerability scanners (e.g., SonarQube, OWASP ZAP, Nessus, Invicti)
• Knowledge of security frameworks (e.g., OWASP Top Ten, NIST, ISO 27001), cloud platforms (e.g., AWS, Azure, Google Cloud) and their security features
• Hands on experience with containerization and orchestration tools such as Docker and Kubernetes
• Fluency in English
• Certifications: Relevant certifications such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP) are a plus

Your responsibilities

• Security Assessments: Conduct regular security assessments, including threat modeling, At-tack Surface Analysis, Critical Analysis.
• Security Architecture: Design and implement security architecture and controls for new and existing products.
• Code Review: Review source code for security vulnerabilities and provide actionable feedback to development teams.
• Secure Coding Practices: Educate and advocate for secure coding practices among development teams through workshops, training sessions, and documentation.
• Tool Implementation: Evaluate and implement application security tools (e.g., static and dynamic analysis tools) to automate security testing processes.
• Incident Response: Assist in incident response activities related to application security breaches, including root cause analysis and remediation strategies.
• Collaboration: Work closely with cross-functional teams, including software developers, DevOps, and IT security, to ensure security considerations are integrated into the development process.
• Monitoring and Reporting: Monitor application security metrics and provide regular reports to management on security posture and compliance.