Responsibilities
- Develop and implement comprehensive security architectures for our products and applications, considering various factors such as threat models and business requirements
- Conduct regular security assessments and vulnerability analysis to identify potential risks and propose appropriate mitigation strategies
- Collaborate with software development teams to provide security-focused guidance throughout the application development lifecycle
- Conduct code reviews and penetration testing to identify security vulnerabilities and suggest remediation measures
- Stay updated with the latest security technologies and trends, incorporating them into existing security frameworks as necessary
- Define and enforce security policies, standards, and procedures to maintain a strong security posture
- Conduct security trainings and workshops to raise security awareness among team members
- Keep up-to-date documentation on security architecture designs, policies, procedures, and incident response plans
- Support the automation of security testing and more efficient discovery, tracking, and resolution of security vulnerabilities
- Collaborate closely with security champions to enhance and optimize our security champion program, fostering continuous improvement and promoting a proactive approach to security throughout the organization
Preferred Qualifications:
- Bachelor's or Master's degree in Information Security, Computer Science, or a related field
- Minimum of 7 years of experience in product/application security, with expertise in securing web and mobile applications
- Strong knowledge of secure coding practices, common web application vulnerabilities (e.g., OWASP Top 10), and secure development lifecycle (SDLC)
- Experience with threat modeling, risk assessments, and vulnerability management
- Proficiency with security tools such as static and dynamic analysis tools, penetration testing frameworks, and vulnerability scanners
- Familiarity with relevant security frameworks, standards, and regulations (e.g., ISO 27001, NIST, GDPR)
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and senior stakeholders
- Relevant certifications such as CISSP, CSSLP, and OSCP are highly desirable
- Strong analytical and problem-solving abilities, with keen attention to detail
- Strong knowledge of development and integration tools and technologies (e.g., CI/CD)