Key skills
Cyber SecuritySDLCCommunication
About this role
Role Overview
- Develop and implement engineering’s technical security policies and procedures, and performance of security measures
- Scan and test applications for potential vulnerabilities and non-compliance with security standards
- Partner with engineering teams during code reviews to identify potential security vulnerabilities and advise strategies to develop more secure code
- Integrate security tools and processes into the software development and operations pipeline, including automation of security checks and scans to identify and fix vulnerabilities early in the development process
- Lead training sessions for technology teams in one-on-one coaching and large team training sessions on secure coding practices and information system security best practices
- Configure and manage automated tools and solutions to address security weaknesses in applications, systems, and infrastructure
- Partner closely with incident response teams to mitigate the impact of incidents from application security vulnerabilities and identify necessary steps to remediate findings
- Proactively recommend process enhancements and implement prioritized improvements within Cybersecurity team to enhance application security capabilities
- Track current events, technological advancements, and changes in the secure application development landscape to anticipate how attackers may change their tactics, and implement adjustments to internal technologies, policies, and procedures
- Design, implement, maintain, and enhance internal controls to mitigate risk on an ongoing basis
- Identify risk-related issues needing escalation to management
Requirements
- Bachelor's degree and a minimum of 3 years’ relevant work experience, or a combined minimum of 7 years’ higher education and/or work experience, including a minimum of 5 years software development or application security
- Prior experience reviewing or fixing vulnerabilities identified using application security tools such as SAST, SCA, IAST, DAST, or ASPM
- Intermediate understanding of the Software Development Life Cycle (SDLC)
- Ability to train technologist and people leaders at various levels on secure application development, both in person and virtually
- Excellent communication and interpersonal skills
Tech Stack
- Cyber Security
- SDLC
Benefits
- Health insurance
- 401(k)
- Paid time off
- Flexible working arrangements
- Professional development opportunities