- Bachelor's degree in Computer Science or a related field, or equivalent experience.
- 10+ years overall experience in Security, Software and Platforms, with 5+ years dedicated to Application Security.
- Experience in Cloud environments.
- Experience in Secure by Design development practices, including providing guidance on Secure Architecture and System Design.
- Familiarity with SDLC and SDL methodologies.
- Ability to build or select application security tools and implement CI/CD pipelines.
- Strong communication skills for collaborating with engineering teams on complex application security issues.
- Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Experience with Security Infrastructure, Kubernetes Security, and Penetration Testing.

The Application Security team is responsible for safeguarding, auditing, and testing the security of the entire SaaS platform. Our Application Security team aims to create a comprehensive and multi-dimensional approach to application security, with a focus on Security by Design in agile software development and cloud native environments.

- Define processes, guidelines and practices to ensure secure software development, collaborating with team members and cross-organizational stakeholders.
- Automate application security testing and controls.
- Conduct platform services testing to identify application security issues, adhering to industry standards like the OWASP Web Security Testing Guide.
- Partner with engineering teams and product managers to prioritize and address vulnerabilities in Platform.
- Engage in both internal and external (vendor) penetration testing.
- Develop, deploy, and manage technical application security controls to meet regulatory and compliance requirements.
- Participate in audit processes to ensure regulatory and compliance needs.
- Contribute to the governance of platform security and foster innovation within Platform.

Requirements: Security, Static application security testing, Dynamic application security testing, CI/CD Pipelines, SDLC, Kubernetes.

Additionally: Training budget, Sport subscription, Private healthcare, Flat structure, Free coffee, Gym, Bike parking, Playroom.