Posted on: 21/07/2025
Job Description:
Responsibilities:
- Researches, analyzes, and documents findings
- May coach, review, and/or delegate work to other team members
- Conducts security assessments, threat modeling, and vulnerability reporting and develops security architecture patterns for implementing new solutions and products
- Performs application security reviews for our products and services to identify and/or validate vulnerabilities and attack chains
- Communicates findings, attack paths, and recommendations to technical and executive stakeholders through written reports and verbal presentations
- Develops and maintains methodologies for penetration testing
- Assists with decision-making, prioritization, and support throughout the secure software development life cycle (s-SDLC) on a variety of security domains
- Participates in requirements gathering, secure coding and configuration, software testing, and third-party component management and defect management
- Serves as point of contact on secure development and security best practices
- Consults cross-functionally to embed security gates into their existing SDLC, leveraging automation when possible
- Drives the development of standards, practices, and processes to establish, manage, and report adherence to application security requirements and best practices
- Attends regular stand-ups and planning meetings to build positive relationships with key stakeholders
- Serves as the security authority on assigned products, ensuring the security controls are functioning, security requirements are provided before coding begins, and that vulnerabilities are fixed within their SLAs
- Ensures s-SDLC controls are embedded in assigned products and serves as control owner for a subset of these controls
- Engages in application and domain-specific threat modeling, as well as attack surface analysis and reduction
Educational/Vocational/Previous Experience Recommendations:
- Recognized subject matter expert of applicable work area
- Ability to adapt to the situation and understand new technology/processes per business requirements
- Ability to identify application vulnerabilities and advise on appropriate remediation
- Solid understanding of common languages such as .NET, Python, JavaScript, Go, etc.
- Strong foundation in core information security principles and concepts (encryption, authentication, etc.)
- Effective communication skills, with the ability to explain sophisticated security topics in simple terms to technical and non-technical stakeholders
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1516797