- Mentor engineers to design secure solutions and prevent insecure code from being implemented.
- Review source code manually and automatically for security weaknesses.
- Mitigate identified risks/vulnerabilities to an acceptable level.
- Track existing security issues to ensure the development teams follow through on remediation.
- Identify new security issues by staying up-to-date on current security trends.
- At least 1 year of relevant working experience (remediation of security issues, static analysis and penetration testing, secure coding etc.).
- Familiarity with Agile development practices and how to integrate security into SDLC.
- Knowledge of:
- Security flaws and defence strategies (OWASP Top 10, OWASP Mobile Top 10, CWE 25, etc.).
- Secure coding concepts and practices in Java, Android, PHP, Ruby, Python, etc. for writing code and correcting coding mistakes.
- Penetration testing of websites, web services, mobile applications (Burp, Fortify, Checkmarx, etc.).
- Hacking and security certificates (CISSP, CSSLP, OSCP, CEH, etc.).
- Ability to clearly explain security issues to project staff.
- Ability to write code to break code (applications).