• Bachelor’s or master’s in computer science or related field or equivalent experience
• 3+ years of experience applying secure software development methods and participating in building secure applications and systems
• Solid understanding of fundamental application security building blocks such as: authentication, authorization, data validation, encryption, security assurance
• Good understanding of software architectures and technologies (including web application architectures, operating systems architectures, cloud architectures, TCP/IP Stack, software development processes)
• Strong familiarity with application security concepts/standards/laws/best-practices (e.g. OWASP, CIS, NIST SP 800, ISO27000 series)
• Experience in conducting security code review, security testing, application threat modelling and security risk assessment
• A burning desire to grow in both engineering and security expertise
• Practical experience using popular commercial and open-source security testing tools (e.g. Acunetix, Nessus, Burp, ZAP, Kali Linux)
• Good understanding of at least two of the following programming languages (i.e. ability to figure out what’s going on by looking at code snippets): C#, C++, Java, Python, JS
• Practical experience in application development, secure coding and scripting languages for automation
• Practical experience in Microsoft Cloud Security
• Practical experience in systems hardening
• Participate in threat modelling and application risk assessment
• Perform system & application security requirements review, definition and clarification
• Work closely with development teams to support the integration of security best practices into their development processes
• Contribute to corporate SDLC enhancement; design and implement security controls and best practices
• Participate in the investigation, development and implementation of techniques for secure code reviews and security testing
• Conduct application security testing and perform secure code review
• Participate in enhancing SAST/DAST/IAST integration into the application CI/CD pipeline
• Participate in conducting secure development training sessions for development teams
• Stay current on security industry trends and best practices implementation
• Investigate and pilot commercial and open-source application security tools
• Participate in developing corporate regulations, technical reports and presentations related to application security
The security specialist will work closely with our Application Development, DevOps and Production Support teams, with a focus on ensuring that corporate requirements and best practices are implemented in the SDLC, and will provide information security recommendations to identify, manage, and mitigate security risks.