Application Security Specialist

• Conduct system vulnerability scanning to identify infrastructure vulnerabilities in networks, systems, middleware and databases.
• Able to execute manual penetration testing and techniques to concentrate on business logic flaws and weaknesses exploitable by automated tools and scripts. 
• Design the secure software development lifecycle to define the security requirements, control gates and go-live criteria.
• Develop threat modelling to perform a systematic analysis of weak areas or gaps from an attacker's perspective. 
• Review and integrate security principles into the application design and concepts at the requirement gathering and design review stage.
• Define the operational processes for static and dynamic code analysis tools by integration into the CI/CD pipelines. 
• Perform security review of source code and advise the developers in the area of input validation, authentication management, session management, access control, cryptography, error handling, secure file management, memory management and data protection.
• Perform vulnerability risk assessments to evaluate the likelihood and impacts of each vulnerability identified. 
• Conduct manual verifications of vulnerabilities to reduce false positives and enhance the remediation efforts by shortening the remediation time frames.
• Manage the remediation lifecycle with a risk-based approach to ensure all vulnerabilities are remediated according to acceptable industry standards.
• Manage the end-to-end process of handling externally reported vulnerabilities.

Requirements

• Total experience of 5-7 years in cyber security.
• At least 3 years of experience in the areas of bug bounty, penetration testing and vulnerability assessment
• At least 2 years of experience in the area of vulnerability management
• At least 2 years of experience in the area of software development and scripting is a plus
• Familiarity with security tools such as Burp Suite, Wireshark, Tenable, NMap, SQLMap, Kali Linux
• Knowledge of programming and scripting languages and reviewing source code is a plus
• Knowledge of cloud security is a plus
• Knowledge of container security is a plus 
• Knowledge of DevSecOps and security tools in CI/CD is a plus
• OSCP, OSWE, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, Microsoft Certified: Azure Security Engineer Associate, GPEN, and/or CREST certification is a plus
• Experience with a tech or financial services company is a plus