Responsibilities
- Implement a software assurance model designed to address security defects early in the delivery pipeline.
- Perform penetration testing and code reviews of web and mobile applications.
- Perform security design reviews for new features and product releases, and threat modeling of mobile and web applications.
- Perform code reviews and advise developers on remediation techniques.
- Design controls to detect and respond to common attacks on our platform.
- Triage and respond to external inquiries around security vulnerabilities.
- Facilitate internal training on various security topics to raise awareness and interest.
Qualifications
- Strong proficiency in programming languages such as JavaScript, Python, C/C++, Java, Go, and Ruby, and/or shell scripting languages.
- You have 5+ years of experience working with modern web applications, APIs, and mobile applications within cloud-hosted environments such as AWS, GCP, and Azure.
- Experience with CI/CD platforms (Jenkins, CircleCI) and integrating security into the CI/CD pipeline.
- Ability to manually exploit security flaws on web applications and APIs.
- Hands-on experience designing secure web services, RESTful APIs, and microservice architectures.
- Strong understanding of containerization technology such as Docker and Kubernetes.
- Experience building security into the SDLC.
- Familiarity with common application testing tools for SAST, DAST, IAST, and MAST analysis such as Burp Suite, Snyk, Checkmarx, Veracode, Synopsys, and Netsparker.