Senior Application Security Specialist
Indexed description
About The Job
Reporting to the Director of Information Security, the Senior Application Security Specialist is responsible for assessing and securing web-based, in-house developed applications and open-source telephony solutions. This role offers the unique opportunity to collaborate with the security analyst team on new security initiatives and develop in-house tools to support threat monitoring, vulnerability management, and security control administration.
As Senior Application Security Specialist, You Will…
- Assess software and applications for security vulnerabilities through code reviews, automated scanning, fuzzing, and manual inspection.
- Work with the development team and participate in developer sprint planning to identify potential security impacts and mitigation strategies.
- Develop, implement, and manage tools and processes to aid in software security testing activities (SAST, DAST, IAST).
- Provide security reviews and approvals as part of ticketed code-release workflows.
- Implement and manage automated vulnerability scanning tools in the development CI/CD pipeline.
- Champion the development, implementation, and operationalization of a Security Software Development Lifecycle (SSDLC).
- Document and communicate found issues to the developer or infrastructure teams.
- Work with the security team to identify methods to bolster threat detection and prevention based on discovered issues.
- Liaison with contracted third parties to perform application security assessments.
- Attend client meetings and respond to client questionnaires to address inquiries related to secure development practices.
- Bachelor’s degree in Computer Science, Information Security, or equivalent; or 5 years of comparable work experience.
- Security Certifications such as CISSP, C|ASE, GPEN, or OSCP.
- Professional experience in conducting application security assessments and penetration testing.
- Experience in working with .NET (C#), Python, and ASP.
- Professional experience with penetration testing tools (e.g., Burp Suite, ZAP, SQLMap).
- Experience deploying tools that integrate with CI/CD pipelines to automate vulnerability testing.
- Familiarity with the application of agile coding practices, OWASP, and the OWASP Testing Project, or other similar frameworks.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search