What's the role about

The Application Security Lead is responsible for establishing and maintaining robust application security processes. They define security requirements, collaborate with development teams, identify vulnerabilities, conduct security testing, and participate in audits. The role requires knowledge of security standards, system/network security, and software development. Strong communication, analytical thinking, and problem-solving skills are essential. Additional experience in building security infrastructure, cloud security, and relevant certifications are advantageous. The Application Security Lead ensures secure application development and protects against vulnerabilities and threats.

What you’ll be doing

• Application Security Requirements Definition: Define and implement application security requirements for development.
• Process Development and Collaboration: Collaborate with development teams to establish a robust application security process.
  Security Issue Identification and Mitigation: Identify and address security issues and threats throughout the software development lifecycle, including reviewing business requirements, architectures, and designs.
• Vulnerability Analysis and Testing: Analyze and identify security vulnerabilities in web and mobile applications through source code review, manual security testing, and dynamic security scanning. Conduct vulnerability assessments, penetration testing, and ethical hacking to assess application security.
• Internal Security Assessments and Reviews: Participate in internal security penetration testing, security audits, and regression reviews.
• External Audits and Certifications: Facilitate external security audits and certifications.
• Integration of Security in Software Development Lifecycle: Ensure security considerations are integrated into all stages of the software development lifecycle.
• Stakeholder Communication and Coordination: Communicate and coordinate with stakeholders to promote a strong application security culture.
• Industry Knowledge and Learning: Stay updated with the latest security trends, technologies, and best practices.
• Guidance and Support: Provide guidance and support to development teams regarding secure coding practices and security-related issues.
  
  

What you’ll need to be successful in the role

• Scientific Degree and Technical Background: A degree in computer science, information technology, information security, or a relevant discipline provides a solid foundation for understanding and addressing application security challenges.
• Security Knowledge: You should have a strong understanding of security aspects, including familiarity with the OWASP Top 10, secure coding best practices, and industry standards such as PCI DSS and ISO 27001.
• System and Network Security: Knowledge and experience in system and network security, including firewalls, intrusion detection and prevention systems (IDS/IPS), and other related technologies, are essential for effectively assessing and addressing security risks.
• Penetration Testing and Security Auditing: Experience with commercial and/or non-commercial tools and services for penetration testing and security auditing is important for identifying vulnerabilities and assessing the overall security posture of applications.
• Software Architecture and Development Experience: Having a background in software architecture and/or development is valuable for understanding the intricacies of application security and effectively reviewing source code for vulnerabilities.
• Communication and Organisation Skills: Strong communication skills are necessary for effectively collaborating with development teams, stakeholders, and external auditors. Additionally, organizational skills are important for managing security processes and documentation.
• English Proficiency: A solid command of the English language, at an upper-intermediate level or better, is crucial for effective communication within an international team and for accessing relevant security resources.
• Analytical Thinking and Problem-Solving: The ability to think analytically, solve complex problems, and make informed decisions is essential for identifying and addressing security issues throughout the software development lifecycle.