Intermediate Security Developer (Application Security)to Strengthening applications vulnerability posture by supporting developers with remediation of crit

Our client is looking for a Intermediate Security Developer to Strengthening applications vulnerability posture by supporting developers with remediation of critical vulnerabilities in the Financial Industry.

Overview:

Identifies security vulnerabilities, continuously attempting to “break” software & systems; proposes & helps code solutions to cybersecurity problems

Must Have's:

• 5+ years of experience as a Security Developer
• GitLab Vulnerability Management (Development of Pipelines, Integrations of Security Scanning Tools i.e. SAST, DAST, Mobile, Secret)
• Experience with GCP (BigQuery, Cloud Run, GCS, Artifact Registry, Kubernetes)
• Ability to read and write code (i.e. Python, Node, SQL)
• Familiarity with Security Governance and Policy Development

Responsibilities:

• Designs, develops, and integrates new security features and updates into existing products and ensures security is maintained throughout the product life-cycle
• Provides product security engineering recommendations and resolves integration and testing issues
• Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities
• Promotes security and secure practices and consults non-security experts on all relevant security considerations
• Engaging Teams: Providing support and insights on critical and high vulnerabilities through the Application Security Remediation (ASR) procedure. Serving as a subject matter expert for a security champions program and guiding team members through threat modelling processes
• Development of controls, governance, monitoring of Application Security Processes and defining/writing/implementing security standards for secure development practices across the organization
• Reporting & Data: Ensuring accurate ownership of GitLab projects and cleaning up attack surface data. We'll also document the vulnerability management procedure with clear governance and a RACI.
• Tooling & Coverage: Expanding vulnerability coverage with Jira integration, Sonatype scanning, mobile app scanning, and binary scanning. All findings will be visible in real-time dashboards.
• Upgrading Pipelines: Migrating from the existing compliance pipeline to a new, documented pipeline execution policy