Job description

The job involves designing, developing, and maintaining security tools, integrating them into the CI/CD pipeline, performing security reviews and assessments, and resolving vulnerabilities. Required skills include a strong understanding of web application security threats, proficiency in languages like Python or NodeJs, experience with Kubernetes and cloud security, along with a hands-on, problem-solving attitude.

Responsibility

• Design, develop, and maintain security tools and web applications.
• Develop and integrate security automation tools into the CI/CD pipeline.
• Create threat models to identify and mitigate risks.
• Conduct security architecture and design reviews.
• Review source code to identify potential security vulnerabilities.
• Perform vulnerability assessments and prioritize identified vulnerabilities.
• Develop PoC exploits and collaborate with the engineering team.
• Solve complex vulnerabilities and communicate solutions.
• Build and maintain strong stakeholder relationships.

Qualifications

• 3 to 6 years of experience in Application Security with hands-on technical skills.
• Strong understanding of web application security threats, exploits, and prevention techniques.
• Proficiency in programming languages like Python, Go, or NodeJs.
• Experience with Kubernetes, cloud security, WAF, Bot manager.
• Implemented cryptographic controls and integrated SAST controls in CI/CD.
• Familiar with Red team exercises, threat hunting, and OSINT practices.
• Experience in mobile security testing, with knowledge of Selenium and Appium.