- Serve as the security subject matter expert on Application Security topics, processes, and tools
- Partner with Product Engineering to improve security and quality within the software development lifecycle (SDLC)
- Integrate SAST, SCA, DAST, IaC, and Container scanning into CI/CD pipelines
- Interpret the results of SAST, SCA, DAST, IaC, and Container scanning tools and of penetration tests, and describe the issues and their fixes to non-security experts
- Train developers in security topics, including secure coding, security requirements, and the use of SAST, SCA, DAST, IaC, and Container scanning tools
- Perform manual and automated review of software code so that software engineers can prioritize remediation of security vulnerabilities
- Provide vulnerability remediation guidance and mentoring to product development software engineers
- Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
- Identify and automate security processes and practices
- Evaluate new technologies, tools, and development techniques that affect Application Security
- Reason about and justify security decisions
Job Skills:
- Understand Application Security practices and operations
- Ability to communicate effectively with business representatives, explaining security topics clearly and, where necessary, in layman's terms
- General understanding of SAST, SCA, DAST, IaC, and Container analysis tools
- Ability to interpret the results of SAST, SCA, DAST, IaC, and Container analysis tools and of penetration tests, and to describe the issues and their fixes to non-security experts