Role Requirements:
· 8+ years of industry experience working with Application and Cloud security.
· Lead application security reviews and threat modeling, including code review, DAST, SAST.
· Experience (hands-on) with security tools integrated into our CI/CD and production environments such as SonarQube, Snyk, Veracode.
· Familiar with CSPM products, Wiz, Palo Alto Prisma Cloud.
· Strong hands-on knowledge and experience with Kubernetes security and platform.
· Skills related to Secure Software Development Lifecycle (SSDLC), secure configuration management and secure SDLC methodologies.
· Experience reviewing security aspects of software designs.
· Familiarity with regulatory requirements and compliance standards (FedRAMP, NIST, ISO 27001, PCI, HIPAA, SOC2).
· Cloud security risk assessment & Network security architecture.
Job Requirements:
· Develop and promote security architectures to protect microservices, serverless, containers, application development and operations practices
· Hands-on experience architecting and securing cloud computing platforms (AWS, GCP).
· Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
· Responsible for providing security guidance to other team members in their design, implementation and support of new cloud architecture and automation technologies.
· Provide security reviews and threat modeling for difficult or highly complex applications or cloud architecture.
· Develop secure cloud architecture designs, considering best practices, regulatory requirements and business objectives.
· Drive deep security architectural discussions in a collaborative manner to ensure cloud deployments are automated and successful.
· Ensure compliance with information security practices and standards to reduce breaches, audit findings, regulatory liability, and legal exposure
· Ensure appropriate enterprise security solutions are in place to mitigate identified risks, meet business objectives, and satisfy regulatory requirements by engaging with security specialists and other functional area architects.
· Lead application security reviews and threat modeling, including code review and dynamic testing.
· Develop automated security testing systems or centralized security libraries that enable developers to write secure code more easily
· Drive initiatives which scale application security and holistically address multiple vulnerabilities.
· Some development or scripting experience and skills (Java / Python)
· Strong experience working closely with developers
· Author project plans for security initiatives