Implement a software assurance model designed to address security defects early in the delivery pipeline
Perform security design reviews for new features and product releases
Perform code reviews and advise developers on remediation techniques
Design controls to detect and respond to common attacks on our platform
Deliver highly technical tech talks to engineers
Triage and respond to external inquiries around security vulnerabilities
Facilitate internal training on various security topics to raise awareness and interest
What skills will I need to have?
Strong proficiency in at least one programming language such as Java, Go, Python and/or Node.js/TypeScript, plus working knowledge of a scripting language
5+ years of hands-on experience working with developers in building a software assurance model
Demonstrated ability to manually fix or mitigate security flaws at the code level in web applications and APIs
Experience designing secure web services, APIs and microservice architectures
Familiarity with threat modeling frameworks in cloud-based environments (OWASP, STRIDE, MITRE, etc.)
Familiarity with OWASP verification guidelines (ASVS), the OWASP Top 10 lists (web, API, LLM) and NIST special publications
Experience with application/development security tools, including but not limited to: Burp Suite, Qualys WAS (Tenable or similar), Apiiro (Wiz, GHAS or similar), GitHub (GitLab, Bitbucket or similar), ECS/EKS, GitHub Actions, etc.
Familiarity with the implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline
In-depth knowledge of the OWASP Top 10, SANS Top 25 and other widely recognized application security frameworks
Understanding of the complete SDLC and how to secure it (S-SDLC)
Familiarity with Cloud platforms (AWS preferably)
Ability to lead people to problem resolution on security matters (integrating teams, especially the engineering team)
Experience securing LLMs and generative AI applications
Will be considered a plus:
Holding a related secure-development certification such as CSSLP, CASE or others
Exposure to PCI DSS, ISO 27001 and/or SOC 2, or any other relevant security standard, will be valued
Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
Having developed personal or enterprise software or scripts with a focus on security (exploitation of vulnerabilities, hardening automation, API integration for security