What You’ll Do:
Work cross-functionally with software engineering, infrastructure, DevOps, and IT teams to strengthen product security. Lead security risk assessments, manual and automated testing, threat modeling, and internal training focused on secure development practices.
Support secure CI/CD pipeline development and guide engineering teams through secure design and implementation. Plan and execute internal and third-party penetration tests on critical systems, and manage remediation efforts with stakeholders.
Develop application security requirements and perform code reviews, tooling integration, and automation using SAST, DAST, and related frameworks.
Success Looks Like:
Security seamlessly integrated into each phase of the development lifecycle
Adoption of automated tooling to scale security assessments and reduce manual overhead
Strong cross-team collaboration that promotes secure engineering without slowing delivery
Continuous iteration of security controls and processes in response to new threats and technology
What You Bring:
5+ years in secure software development or application security, including experience designing security into complex systems
Deep familiarity with OWASP/CWE vulnerabilities and exploitation techniques, and the ability to guide secure remediation
Strong communication skills and the ability to translate technical risk for both developers and executive stakeholders
Hands-on experience with security architecture, DevSecOps practices, and secure CI/CD integration
Experience deploying and managing tooling such as SAST, DAST, IAST, RASP, and WAF products, and building strong vendor relationships
Knowledge of security compliance frameworks such as PCI, NIST, FedRAMP, or ISO 27001
Proficiency in Python, Go, Java, JavaScript, or similar languages
Familiarity with tools such as Burp Suite, OWASP ZAP, Metasploit, and mobile security frameworks for iOS and Android