Application Security Engineer

NinjaJobs

National
Full Time
Paid
  • Responsibilities

    Roles & Responsibilities:

    • Review and design application security controls and cloud security architectures.
    • Conduct manual secure code reviews and assessments for web, non-web, and cloud applications.
    • Interact with developers to gather source code details, conduct code reviews, and provide remediation assistance.
    • Document vulnerabilities and assist with mitigation.
    • Validate fixes on reported vulnerabilities.
    • Coordinate with local and onsite teams, including vendor consultants.
    • Provide regular status updates on tasks and deliverables.

    Qualifications:

    • Bachelor’s degree in computer science or a related discipline preferred.
    • 4-5 years of experience in secure coding and code reviews.
    • Proficient in identifying OWASP Top 10 vulnerabilities and SANS Top 25 programming errors.
    • Strong knowledge of secure coding principles in Java, Angular/Node.js, JavaScript, Python, Ruby, etc.
    • Familiar with security frameworks (OWASP, SANS CWE) and secure coding practices.
    • Experience with web stack technologies (HTTP, HTML5, AJAX, REST) and platforms (Tomcat, .NET, MS SQL).
    • Skilled in creating custom proof of concept application exploits using various scripting languages.
    • Understanding of authentication and authorization mechanisms across web technologies and protocols (SSL/TLS, REST, OAuth, SAML).
    • Knowledge of DevSecOps and cloud/container infrastructures.
    • At least 4 years of development experience with 3+ years in secure code review and application security.
    • Excellent communication and organizational skills.
    • Relevant certifications (CSSLP, GSSP-Java, CSP) are a plus.
  • Compensation
    $150,000-$170,000 per year