Description

• Security Integration: Collaborate with development teams to integrate security practices into all phases of the software development lifecycle (SDLC) using "shift-left" principles.
  

• Developer Enablement: Advocate for and implement "developer-first" security tools and processes that empower developers to write secure code without sacrificing agility.
  

• Framework Expertise: Utilize your expertise in key application security frameworks (e.g., OWASP Top 10, SANS Top 25) to assess and enhance the security of our applications.
  

• Code Reviews: Conduct security-focused code reviews and provide actionable feedback to developers.
  

• Security Champions Program: Lead and expand our Security Champions program by identifying and mentoring developers across the organization to be security advocates.
  

• Vulnerability Management: Work with teams to identify, prioritize, and remediate security vulnerabilities in applications.
  

• Threat Modeling: Collaborate with teams to perform threat modeling, identifying potential security risks early in the development process.
  

• Red Teaming: Work in a proactive and non-destructive manner to continually test internal services for vulnerabilities and weaknesses.  Consult with the corresponding product owners and engineering teams to prioritize and correct any issues identified.
  

• Continuous Improvement: Stay updated on the latest security trends and continuously improve our security practices, tools, and frameworks.