Publicado hace 34 días
$75,000 MXN/mes brutos
*Salario especifico depende del proceso de selección
Security Integration: Collaborate with development teams to integrate security practices into all phases of the software development lifecycle (SDLC) using "shift-left" principles. Developer Enablement: Advocate for and implement "developer-first" security tools and processes that empower developers to write secure code without sacrificing agility. Framework Expertise: Utilize your expertise in key application security frameworks (e.g., OWASP Top 10, SANS Top 25) to assess and enhance the security of our applications. Code Reviews: Conduct security-focused code reviews and provide actionable feedback to developers. Security Champions Program: Lead and expand our Security Champions program by identifying and mentoring developers across the organization to be security advocates. Vulnerability Management: Work with teams to identify, prioritize, and remediate security vulnerabilities in applications. Threat Modeling: Collaborate with teams to perform threat modeling, identifying potential security risks early in the development process. Red Teaming: Work in a proactive and non-destructive manner to continually test internal services for vulnerabilities and weaknesses. Consult with the corresponding product owners and engineering teams to prioritize and correct any issues identified. Continuous Improvement: Stay updated on the latest security trends and continuously improve our security practices, tools, and frameworks.
Qualifications:
Experience: 3+ years of experience in application security with a background in software development.
Technical Skills: Proficiency in at least one programming language (e.g., Java, Python, JavaScript, etc.) and familiarity with CI/CD pipelines and tools.
Framework Knowledge: Deep understanding of application security frameworks and standards (OWASP Top 10, SANS Top 25, NIST, etc.).
Developer Tools: Experience with developer-centric security tools (e.g., SAST, DAST, SCA, etc.).
Security Principles: Strong grasp of secure coding practices, threat modeling, and vulnerability management.
Collaboration: Excellent communication skills and the ability to work effectively with cross-functional teams.
Mindset: A proactive, "security-as-code" mindset, with a focus on embedding security into every stage of the development process.
Preferred Qualifications:
Experience in cloud security and understanding of cloud-native applications.
Knowledge of container security and microservices architecture.
Certifications such as CISSP, CEH, or equivalent.
Python
Java
CI/CD