Application Security Lead | Offshore
Photon
About This Role
Responsibilities
• Shift left security efforts to build security into the software development lifecycle:
• Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities
• Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning
• Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines
• Partner with Platform DevOps to help design secure-by-default architectures and workflows
• Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices
• Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated.
• Maintain application asset inventory.
• Lead the Security Champions Program to build a security-minded culture among developers and IT Operations teams.
• Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security.
• Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities.
• Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.
Profile
• Bachelor's degree in Computer Science, Information Security, or related professional experience.
• Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments.
• Experience performing secure code reviews and interpreting SAST/SCA/DAST results.
• Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions.
• Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk.
• In-depth understanding of vulnerabilities and secure coding practices.
• Hands-on experience with security tools like Snyk, Veracode, Burp Suite or similar.
• Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes).
• Proficiency in programming languages like Python, Java, or C# is preferred.
• Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle.
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface.
• Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision.
• Demonstrated success in partnering with developers to integrate security.
Originally posted on Himalayas