• Security Architecture: Design and implement application security architecture and processes, ensuring they align with industry best practices and regulatory requirements.

• Secure SDLC: Manage a risk-balanced SDLC by integrating threat modeling, secure code reviews, and security testing.

• Vulnerability Management: Identify, triage, and remediate security vulnerabilities through static and dynamic application security testing (SAST/DAST) and software composition analysis (SCA) tools.

• Security Assessments & Penetration Testing: Perform advanced penetration testing and red teaming across web, mobile, and cloud applications. Leverage exploit development techniques to identify high-risk vulnerabilities and collaborate with engineering teams for effective remediation.

• Secure Code Review: Analyze source code and provide security recommendations to developers to ensure adherence to secure coding best practices.

• Threat Modeling & Risk Analysis: Perform threat modeling to anticipate potential attack vectors and improve security architecture on complex or cross-functional components

• DevSecOps Enablement: Lead and enhance DevSecOps initiatives by identifying gaps and integrating security automation within CI/CD pipelines.

• Incident Response & Remediation: Lead security incident response related to applications and work with engineering teams to remediate threats.

• Security Awareness & Training: Develop and lead customized security training programs for engineering teams, focusing on OWASP Top 10, threat modeling, AI security risks, and secure coding principles.

Qualifications

• Bachelor's degree in Computer Science, Engineering, or related field

• Minimum 5 years of software development or software security experience in an agile environment with strong expertise in software secure coding practices, threat modeling, and vulnerability assessment.

• Hands-on experience with SAST, DAST, IAST, and SCA tools (e.g., GitHub Advanced Security, Checkmarx, Fortify, Veracode, SonarQube, Burp Suite, ZAP).

• Deep knowledge of API security (e.g., OWASP API Top 10, GraphQL security).

• Experience in securing containerized applications (Docker, Kubernetes).

• Knowledge of supply chain security risks (e.g., SBOM, software dependency management).

• Familiarity with AI/ML security risks and adversarial machine learning techniques.

• Experience with Infrastructure as Code (IaC) security (Terraform, CloudFormation).

• Fluent in one or more programming languages, such as Python, Java, JavaScript

• Strong knowledge of secure coding principles and application security frameworks.

• Familiarity with security tools (e.g., static and dynamic analysis tools, vulnerability scanners).

• Understanding of security standards and regulations (e.g., OWASP, NIST).

• Hands-on experience securing AI/ML applications, understanding adversarial attacks, model poisoning, and data privacy risks. Strong eagerness to learn and contribute to AI security advancements.

• Experience with cloud security best practices in AWS, Azure, or GCP.

• Experience with AI security best practices and implementations.

• Strong work ethic with a commitment to meeting business needs and effectively collaborating with global colleagues.

• Effective interpersonal skills; ability to collaborate successfully with both technical and non-technical stakeholders.

• Strong ability to balance security risk with business impact and communicate trade-offs effectively.

• Experience mentoring junior engineers and leading security champions within development teams.

• Ability to articulate complex technical concepts with clarity, supported by effective written and verbal communication skills.