Responsibilities
- Conduct security evaluations and review source code across web, mobile, and API platforms using both manual techniques and automated tools to verify compliance with recognized security benchmarks.
- Evaluate and prioritize reported vulnerabilities from bug bounty programs, external penetration tests, and public disclosures, contributing to the development of a structured bug bounty initiative over time.
- Support the integration of security scanning tools—such as static, dynamic, and software composition analysis—into continuous integration and deployment workflows on AWS and GitHub.
- Work alongside experienced security and product teams during threat modeling exercises to detect design-level weaknesses and logical flaws early in the development lifecycle.
- Engage with engineering groups to promote secure development practices and help create standardized, secure frameworks and libraries for Kotlin and Python applications.
- Develop expertise in protecting cloud infrastructure, including infrastructure-as-code configurations and AWS-hosted environments, to maintain the integrity of a distributed microservices setup.
