Job Description

JOB PURPOSE

We are seeking an experienced API & Application Security professional to enhance and streamline the security practices within our software development lifecycle. The ideal candidate will have a strong background in both API security and application security practices, with hands-on experience in performing intrusive assessments. This role involves building secure APIs, implementing security testing at every stage of development, and executing offensive security assessments to identify vulnerabilities. You will collaborate closely with development and security teams to ensure that security is seamlessly integrated into the entire application development process.




Design, implement, and maintain secure APIs and application security practices within the development lifecycle, integrating security testing tools at every stage. Automate security tasks to ensure continuous integration and continuous delivery (CI/CD) processes are secure and efficient. Work with development and operations teams to ensure the incorporation of security controls early in the software development process. Conduct intrusive penetration testing and vulnerability assessments on APIs, applications, infrastructure, and network systems. Perform security audits and code reviews to identify flaws in the development pipeline. Utilize advanced attack techniques and tools to simulate real-world cyberattacks, assess security gaps, and recommend mitigation actions. Identify and evaluate security risks related to software deployments and automation processes. Develop and implement strategies to reduce vulnerabilities in the development and operational environments. Provide actionable feedback and training to teams to improve secure coding and configuration practices. Work with cross-functional teams to integrate security throughout the development lifecycle. Prepare detailed reports, including risk assessments, security vulnerabilities, and actionable remediation strategies for technical and non-technical stakeholders. Stay updated on emerging security threats and vulnerabilities and implement best practices for secure development.

OPERATING ENVIRONMENT, FRAMEWORK AND BOUNDARIES, WORKING RELATIONSHIPS

The role is within the Information Security Group (ISG) and focuses on enhancing the security of APIs and applications within the software development lifecycle. This includes automating security tasks and conducting security assessments at all stages of development. The position operates under industry-standard security practices, secure coding principles, and relevant compliance frameworks. The role requires ensuring security is integrated early in development and maintaining secure coding practices. Works closely with development, operations, and security teams to incorporate security controls into the software development lifecycle. Interacts with technical and non-technical stakeholders to present risk assessments and security findings. * May work with external vendors or third-party experts to stay informed on security trends, tools, and threats.