Senior Application Security Specialist
We are seeking a Senior Application Security Specialist to lead the integration of secure software development practices across our SDLC in both cloud and on-prem environments.
The successful candidate will have expertise in securing software development life cycles, container and infrastructure security, threat modeling, reviews, and remediation.
In this role, you will be responsible for building and maintaining automation tools for vulnerability triage, mitigation, and reporting.
You will also work closely with DevOps and platform teams to enhance container and infrastructure security, as well as leverage threat intelligence to prioritize mitigations based on business risk.
Additionally, you will mentor engineers and analysts, fostering secure development capabilities across teams, and collaborate with security champions to build advocacy and threat modeling expertise.
Main Responsibilities:
* Secure Software Development & DevSecOps Integration: Architect and integrate security into CI/CD pipelines using modern automation and guardrails.
* Develop secure frameworks, SDKs, and CI integrations to enable frictionless adoption of security controls.
* Maintain secure coding standards and guidance tailored to our technology stack.
* Collaborate with DevOps and platform teams to enhance container and infrastructure security (Docker, Kubernetes, IaC).
* Lead Threat Modeling Workshops Across Product and Platform Teams.
* Identify and Assess Vulnerabilities Using SAST, DAST, SCA, Manual Code Reviews, and Penetration Testing.
* Promote Reusable Remediation Patterns for Code and Infrastructure Vulnerabilities.
* Leverage Threat Intelligence to Prioritize Mitigations Based on Business Risk.
* Build and Maintain Automation Tools for Vulnerability Triage, Mitigation, and Reporting.
* Strengthen API Security Through Robust Authentication Protocols (OAuth 2.0, OpenID Connect, SAML).
* Integrate With API Gateways (e.g., Layer7, MuleSoft) to Enforce Secure Communication and Tokenization.
* Mentor Engineers and Analysts, Fostering Secure Development Capabilities Across Teams.
* Collaborate With Security Champions to Build Advocacy and Threat Modeling Expertise.