As an Application Security Architect or Application Security Consultant you will be responsible for leading the team that will implement Application Security program on, establishing secure SDLC process and secure architecture.
- Lead and coordinate Security Audits for on-going projects: (from Architecture, Process, Risk and Testing etc.).
- Work as a Security Consultant helping to establish secure development activities in SDLC end-to-end, be able to provide clarifications related to security in development.
- Perform Application Security Trainings for Development Teams.
- Contribute to building Secure Architecture and Design for the projects.
- Communicate with customers and teams, be able to convey the message about importance of Secure Software development Life Cycle, the ways of establishing it.
- Cooperate with all sub-teams: BAs, Developers, Qas; build consistent understanding of Security Requirements, main Threats, Mitigations implemented.
- Be able to communicate and coordinate work with other Security Teams - Infrastructure Security Experts, Penetration Testers.
- 3+ years of professional experience in the field of Software Development
- Passion to develop in the field of Security
- Understanding of at least one Security Development methodologies (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM etc)
- Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Threat Modeling, Security Code Review
- Understanding of security threats, their classification
- Understanding of most common implementations of the Threats (e.g. XSS, SQL Injection, XSRF, buffer overruns, brute force, rainbow tables, DoS etc.) and how they match the general classification
- Understanding of main security concepts and principles
- Understanding of main areas of protection and levels of defense
NICE TO HAVE:
- Familiarity with the tools for various security activities: Static Code Analysis, Pen Testing, Intrusion Detection/Prevention etc.
- Knowledge of Security Features and Mechanisms provided by at least one OS and development platform/technologies
- Understanding of mitigation mechanisms for every type of threats
- Familiarity with existing security standards and regulations experience of requirements implementation
- Understanding of basic principles of infrastructure security and penetration testing
- Ability to use the tools to perform actual attacks is a plus
- Certification in any security area is a plus
LINK TO APPLY: