Application Security Lead | Offshore

About the Role

As a key member of the security team, the Application Security Lead will be responsible for conducting secure design reviews, threat modeling, and security code reviews to identify and prioritize risks, attack surfaces, and vulnerabilities. This role requires strong communication and collaboration skills, as well as the ability to distill complex security concepts into clear actions.

The Application Security Lead will also be responsible for leading the Security Champions Program, which aims to build a security-minded culture amongst developers and IT Operations teams. This involves providing training and guidance on secure coding practices, as well as partnering with development teams to integrate security into their workflows.

What You Will Do

• Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities
• Deploy and operationalize static, dynamic, dependency, and secrets scanning tools
• Collaborate with Platform DevOps team to build and maintain security automation tools
• Partner with Platform DevOps to design secure-by-default architectures and workflows
• Assist with application security code reviews and advise developers on remediating vulnerabilities
• Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated
• Maintain application asset inventory
• Lead the Security Champions Program to build a security-minded culture amongst developers and IT Operations teams
• Act as a trusted advisor and partner for development and cross-functional project teams
• Evaluate and implement security tools and automation solutions to enhance the security posture of applications

What We Are Looking For

• Bachelor's degree in Computer Science, Information Security, or related professional experience
• 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments
• Experience performing secure code reviews and interpreting SAST/SCA/DAST results
• Strong experience with modern development workflows, including CI/CD pipelines
• Working knowledge of the OWASP Top 10 for web applications and APIs
• In-depth understanding of vulnerabilities and secure coding practices
• Hands-on experience with security tools like Snyk, Veracode, Burpsuite or similar
• Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes)
• Proficiency in programming languages like Python, Java, or C#

Nice to Have

• Experience with Azure Pipelines and GitHub Actions
• Knowledge of security frameworks and compliance regulations
• Certification in application security or a related field

Benefits and Perks

• Remote work opportunities with a flexible schedule
• Professional development opportunities, including training and conference attendance
• Collaborative and dynamic work environment
• Access to cutting-edge security tools and technologies
• Competitive compensation package
• Health and wellness benefits
• Generous paid time off policy
• Remote stipend for home office setup and equipment

• Develop a strong understanding of secure coding practices and vulnerability assessments to stand out in the application security field.
• Showcase your experience with security automation tools and CI/CD pipelines in your portfolio or resume.
• Highlight your ability to communicate complex security concepts to non-technical stakeholders in your cover letter or interview.
• Be prepared to discuss your experience with cloud platforms, containerization, and security frameworks in the interview.
• Research the company's security posture and be prepared to discuss how you can contribute to it.
• Don't underestimate the importance of soft skills, such as collaboration and communication, in the Application Security Lead role.
• Be prepared to negotiate salary based on your experience and qualifications, and don't be afraid to ask about benefits and perks.