Roles & Responsibilities:
Perform secure design review, secure code review, threat modeling, and assist developers in triaging scan results.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences and make recommendations for security improvements.
Effectively communicate findings and strategy to stakeholders including technical staff and executive leadership.
Develop secure coding guidelines and training courses on secure coding best practices related to cryptography, authentication, access control, etc.
Lead engagements with Engineering teams from scoping through remediation, and mentor less experienced staff.
The day-to-day activities:
A typical task could be reviewing the source code and configuration of mobile applications and APIs to identify potential vulnerabilities that could be used to bypass security controls. If, just by reading the source code, you can find secrets hardcoded in the mobile application or in configuration files, identify a weak implementation of cryptographic controls, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of Analyst we’re looking for.
The must haves:
Strong background in coding, fluent in several modern programming languages
Excellent understanding of secure design and coding best practices.
Experience using scanning tools for mobile, API and web application security testing.
At least 8 years’ experience, with a minimum of 3 of the following:
Strong experience with AWS, Azure or GCP
Design of highly available and highly secure solutions in the financial sector
Design of container-based infrastructures in the cloud
Development of mobile applications, RESTful APIs, web applications
Secure code review of mobile applications, RESTful APIs, web applications
Any of the following certifications and experiences would be a plus:
Certifications from AWS, Azure or GCP related to solutions architecture, development or security
Cybersecurity certifications, such as OSWE, CSSLP, GWEB
Speaker at developer or security conferences, such as Devoxx, GopherCon, DEF CON or BSides
Author or contributor in F/OSS projects