Deliver stronger, smarter security solutions and provide peace of mind for the venture.
Job responsibilities
- Educate our software engineers on secure coding practices and even build out a robust security champions program
- Provide vulnerability remediation support
- Implement & manage various SAST, SCA, DAST, and OSS scanning tools.
- Maintain automations that enforce Secure SDLC
- Secure design reviews
Required qualifications, capabilities, and skills
- Formal training or certification on Application Security concepts and 3+ years applied experience
- Must be a team player who is eager to share domain knowledge with the team and eager to learn from others as well
- Experience with the Secure Software Development Lifecycle framework
- Understanding of security best practices for authentication, authorization, and permissions.
- Ability to teach developers how to follow security best practices
- Hands-on experience investigating and prioritizing vulnerabilities discovered by third-party security tools (identifying false positives and out-of-scope items, adjusting the CVSS severity of a vulnerability to business context, etc.)
- Hands-on experience with DAST tools
- Knowledge of CI/CD tools and how to integrate security into the pipeline
- Experience with scripting languages (Bash, Python, etc.)
- Experience with cloud platforms and securing them
- Secure Design Reviews
Preferred qualifications, capabilities, and skills
- Experience configuring and monitoring secret scanning tools
- Experience performing high-risk code review/testing
- Knowledge of well-known Security Frameworks (ASVS, NIST CSF)