Responsibilities:
- Act as the main security point of contact & SME
- Conduct High Level & Low-Level technical risk assessments
- Conduct document and conceptual design reviews
- Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation
- Embedding security within DevOps (eg CI/CD pipelines), developing security requirements
- On-demand Security assessment of various components like Web apps, Containers, Platforms etc
- Reviewing security assessment reports and create a remediation pipeline
- Experience in web application security assessments like SAST, DAST etc.
- Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
- Obtain and review all required artefacts as part of the application security framework
- Drive security evaluation early in the cycles through iterative security testing
- Provide advisory services and direction to development teams during development cycles
- Manage control exemptions/remediations identified through projects
- Advise on external regulatory requirements
- Provide metrics for relevant areas of responsibility when required
- Challenge stakeholders to ensure security is efficiently delivered
- Mediate between development and security teams to facilitate business