Responsibilities
- Perform in-depth security evaluations, code inspections, and penetration tests to detect weaknesses and risks in software using recognized tools and frameworks, and deliver actionable remediation guidance.
- Detect security flaws uncovered during evaluations and partner with engineering teams to ensure timely fixes, tracking resolution progress and verifying risk closure.
- Manage and maintain application security technologies, including configuring static analysis tools, dynamic testing platforms, and web firewall systems to improve defense capabilities and apply preventive measures.
- Assist in responding to application-related security incidents by supporting detection, analysis, and resolution activities, working closely with incident response units to determine root causes.
- Foster security consciousness across development groups and key stakeholders via training, workshops, and outreach initiatives, promoting secure coding, threat defense, and regulatory compliance.
- Document security assessment outcomes, identified issues, and resolution actions thoroughly, and generate periodic reports with metrics on vulnerabilities, compliance, and program performance for leadership review.
- Work with developers, architects, IT operations, and security personnel to embed security controls throughout all phases of the software development lifecycle.
- Seek ways to enhance, streamline, and automate application security processes, while staying informed on emerging threats, vulnerabilities, and industry trends to recommend effective countermeasures.