Security Awareness and Training :

- Promote awareness of application security risks and best practices among development teams, stakeholders, and other relevant parties.

- Deliver or facilitate training sessions and workshops on secure coding practices, vulnerability management, and related topics.

- Foster a culture of security consciousness and accountability across the organization.

Compliance and Regulatory Compliance :

- Ensure that applications comply with relevant security standards, regulations, and industry certifications (e., OWASP, PCI DSS, GDPR).

- Collaborate with compliance teams to assess and address security requirements imposed by regulatory bodies or contractual obligations.

Vendor and Third-Party Risk Management :

- Assess the security posture of third-party applications, libraries, and services used within the organization's environment.

- Establish and maintain processes for evaluating and managing the security risks associated with third-party software components.

Continuous Improvement and Innovation :

- Monitor industry trends, emerging threats, and evolving security technologies to continuously improve the effectiveness of application security practices.

- Identify opportunities for innovation and automation to streamline security processes and enhance the efficiency of security operations.

Skills :

- Prior work experience in application security is mandatory.

- Should have solid experience in Penetration testing.

- Candidates should be familiar with Azure WAF.

- Candidates must have excellent verbal and written communication skills.

- Candidates should be familiar with waterfall and agile development processes and have experience integrating secure development practices into both models.

- Familiarity with a variety of development and testing tools.

- Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques