Application Security Specialist

Job Description

So, what will your new role look like?   

In this role you will be assisting in the re-establishment of our application security program, collaborating closely with developers to integrate security into the development process and building strong relationships with security champions across the organization.   

A typical week?   

A typical week would involve reviewing the output of our code scanning tools, leading tech design sessions with development teams, coordinating with security champions and continuously refining our application security processes to ensure they align with our broader vulnerability management goals. 

What does your future team look like?   

The Application Security team is a key part of the overall Security team, which consists of Security Operations and GRC.  The AppSec team will have a manager leading the team, with two AppSec specialists supporting the program. 

What are the next challenges awaiting your team?   

• Re-establish the AppSec program as part of the larger vulnerability management program.
• Work with our developer community on establishing a process from vulnerability discovery, triage and remediation (end-to-end).
• Enlist & engage security champions for the AppSec program (within dev community) and cultivate these relationships. 

The Application Security Specialist supports the secure design and development of new systems, applications, and solutions for the organization.  

Main Responsibilities 

Support decision-making in terms of application security:

• Oversee and administer application security tools (SAST, DAST, SCA). 
• Manage the bug bounty program, including triaging reports and coordinating with developers for remediation. 
• Educate and empower development teams by providing training, resources and guidance on secure coding practices, vulnerability management and threat mitigation strategies.   
• Lead security champion meetings with development teams to drive the adoption of a security-first mindset and promote continuous learning and improvement in security practices. 
• Being able to present the pros and cons of a security recommendation. 
• Adapting vocabulary and promote security concepts to ensure common understanding. 
• Raising security awareness within the product and development teams regarding various security issues. 
• Ensuring product and development teams are prioritizing and embedding Application Security in SSDLC. 
• Assessing and monitoring the application security risk profile.  

Collaboration with internal and external teams:

• Work with the decision-makers to ensure security initiatives are embedded into the product roadmaps.    
• Collaborate with internal teams and external security partners entities to conduct application security risk assessments.    
• Inform and educate teams about norms, standards, best practices, methods and tools for application security development.    
• Act as a reference and main point of contact to answer security related questions across the organization (Internal).     

Keep up to date with security related news:

• Stay informed on legislation that can affect the organization’s security policies. 
• Stay up to date with security news on norms, standards, best practices, methods and tools.    
• Technology awareness. 
• Be at the cutting edge of theory, tools and methodologies.    
• Maintain active understanding of industry practices for secure software development.  

Documentation.

• Documentation of norms, standards, best practices, methods and tools for application security.    

Qualifications 

• Bachelor’s Degree in Computer Science, Information Security, or a related field; equivalent experience will also be considered;
• 3-5 years of experience in application security with a strong background in securing software development processes;
• Proficient in secure coding practices and familiarity with common vulnerabilities such as those listed in the OWASP Top Ten;
• Experience with vulnerability assessment tools (e.g., SAST, DAST) and a proven track record of identifying and remediating security issues in code;
• Strong understanding of threat modeling methodologies and ability to evaluate and prioritize potential threats;
• Knowledge of DevSecOps principles and experience integrating security into CI/CD pipelines;
• Excellent communication skills, with the ability to effectively convey complex security concepts to developers, stakeholders, and non-technical audiences;
• Experience working with developer communities to establish and maintain processes for vulnerability discovery, triage, and remediation;
• Familiarity with regulatory requirements and industry standards such as GDPR, HIPAA, or SOC 2;
• Preferred: Certifications such as CISSP, CISM, or CSSLP are a plus;
• Preferred: Experience in cloud security and securing applications in cloud environments like AWS, Azure, or GCP.