Job Description
Primary Purpose:
• Promote a Shift-Left Security Mindset: Embed security requirements early in the development lifecycle by driving security and privacy best practices from design to deployment.
• Implement via Influence: Collaborate with Product Owners, Architects, Developers, Testers, and Engineers to integrate security patterns into features and stories.
• Perform Assessments: Conduct security assessments, identify gaps, and recommend effective remediations to strengthen application and infrastructure security.
Key Skills:
• Web Application Security
• Security Code Review
• API Security
• Infrastructure Security
• Integration Security
• Database Security
• Secure Configuration Review
Tools & Technologies:
Burp Suite | Postman | Tenable Nessus | Checkmarx SAST | GitHub
Strong knowledge of Monolithic & Microservice Architectures and Pipeline-driven Security
Technical Expertise:
• Web Application Security (OWASP Top 10, CVSS)
• Manual Security Code Review (e.g., Git)
• API & Container Security Reviews (e.g., OpenShift)
• Database & Web Server Security Enhancements
• Configuration Review & Identification of Misconfigurations
• Integration and Transport Layer Security Reviews
• Ability to assess and secure microservice-based architectures
• Experience in DevOps environments with CI/CD, DAST/SAST tools
• Familiarity with building and addressing “Evil Stories” (Threat Scenarios)
Soft Skills:
• Excellent collaboration and stakeholder management
• Strong communication — able to explain technical findings simply
• Influential and assertive in driving security decisions
• Balances security with functionality and performance
• Strong decision-making, time management, and problem-solving skills
• Positive attitude and ability to work independently