The role is an integral part of our Cyber Security team and of the entire DevSecOps program.
The Application Security Lead will work very closely with the product, Dev, and DevOps teams to provide continuous support for secure product design, lead Deep's product security activities, make risk mitigation recommendations, and suggest and review solutions. This is a key position in the process of building the security culture in the product development organization.
The ideal candidate is highly motivated, demonstrates a 'can do' attitude, and has a combination of troubleshooting, technical, and communication skills, as well as the ability to handle multiple tasks, which may include project and technical work. This role will provide career growth opportunities as you develop and acquire new security skills in the course of your duties.
- Plan, develop, implement, and maintain the secure software program.
- Conduct security reviews and threat modeling of existing and new software products and features developed internally, as well as of different 3rd party and open-source technologies.
- Provide vulnerability remediation guidance and mentoring to product development teams.
- Define and evangelize application security best practices.
- Support deployment of automated security tools throughout the development lifecycle.
- Take an active part in the company architectural forums and provide the security perspective in new application initiatives and projects.
- Research new technologies, architectural trends, and security practices.
- Train and mentor peers, Dev, and DevOps engineers.
· Minimum 3 years of experience in a similar role.
· Understanding of Software Security Design, SDLC and the ability to clearly articulate best practices for application security.
· Development experience (Python, C++, and any other language).
· Vast experience in running threat modeling.
· Experience with the OWASP Top 10 and SANS 25, including how to identify and remediate them.
· Technical knowledge of access control mechanisms, intrusion detection and prevention, encryption, digital certificates, and trust-based authentication.
· Experience in securing Linux-based operating systems and containers.
· A basic understanding of network and web-related protocols (such as TCP/IP, UDP, IPsec, HTTP, HTTPS).
· Strong analytical and research skills.
· Advanced interpersonal and communication skills.
· Familiarity with cloud security controls and best practices (AWS / GCP).
· Experience in DevOps environments and in automating security controls into the CI/CD process.