Responsibilities:

• Threat modeling application features and production environments.
• Break applications and prevent them from being broken.
• Security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, AUTH, and internal applications.
• Definition of Application Security policies, procedures and reporting metrics.
• Participate in incident handling and response.
• Security partnership with data, development, security and engineering teams.
• Security research, presentations, publications, and security industry collaboration.
• Guidance and architecture oversight, design reviews, and security feature roadmap collaboration.

Requirements:

• S. / M.S. in Computer Science, Electrical Engineering and/or 5+ years of related experience.
• Experience with agile software development processes and methodologies.
• Working knowledge of source code repositories.
• Experience developing, deploying, and securing applications in Azure or AWS.
• Experience working with a variety of development tools, languages, and environments, including .NET/Core, MVC, REST API, C#, SPA, JavaScript and common frameworks (Angular, React, etc.)
• Experience with Azure or AWS Development and CI/CD tooling (Visual Studio, Azure DevOps)
• Deep working knowledge of modern authentication and authorization protocols(OAuth, OpenID Connect, SAML)
• Experience with DAST, SAST, and IAST solutions, including static analysis tools for C# and JavaScript.
• Knowledge of real world, applied crypto techniques
• Experience identifying, triaging, and remediating application vulnerabilities including the OWASP Top 10 and CWE/SANS Top 25