Responsibilities:
- Work as an internal security consultant to help product & engineering teams understand the security risk and advise them on best practices.
- Design and implement secure architecture solutions for applications and systems.
- Conduct threat modeling exercises to identify and mitigate potential security threats.
- Document and communicate threat modeling findings and recommendations.
- Perform periodic security assessments and code reviews to ensure compliance with SSDLC practices.
- Perform proactive research to detect new attack vectors and pentest internal and external apps.
- Implement security controls and best practices within CI/CD pipelines, and automate security testing tools and processes within the CI/CD pipeline.
- Develop security tools and security metrics.
- Manage and oversee the vulnerability disclosure program by coordinating with external researchers to validate and triage reported vulnerabilities.
- Develop and maintain security standards and guidelines for application development.
- Develop and deliver AppSec training programs for developers and infrastructure teams.
- Promote a security-first mindset across development teams.
- Participate in on-call rotation and lead security incident response.
Basic Qualifications:
- Minimum 3-5 years of experience in secure software development, security architecture, threat modeling, or related roles.
- Relevant professional certifications such as CISSP, OSCP, GWEB, CREST-CWAT or similar are highly desirable.