Job Description

Lead Security Analyst - Secure Code Review

Get to know the Role:

  • You should have extensive hands-on experience in solution design and development and a deep understanding of web and mobile application security, API security, container security, and data protection. You should also understand the basic concepts of cryptography, network security, and operating system security, and be able to learn the advanced ones.

Roles & Responsibilities:

  • Perform secure design review, secure code review, threat modeling, and assist developers in triaging scan results.
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences and make recommendations for security improvements.
  • Effectively communicate findings and strategy to stakeholders including technical staff and executive leadership.
  • Develop secure coding guidelines and training courses on secure coding best practices, covering cryptography, authentication, access control, etc.
  • Lead engagements with Engineering teams from scoping through remediation, and mentor less experienced staff.

The day-to-day activities:

  • A typical task is reviewing the source code and configuration of mobile applications and APIs to identify vulnerabilities that could be used to bypass security controls. If, just by reading the source code, you can find secrets hardcoded in the mobile application or in configuration files, identify a weak implementation of cryptographic controls, present the relevant findings in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of Analyst we’re looking for.

The must haves:

  • Strong background in coding, fluent in several modern programming languages.
  • Excellent understanding of secure design and coding best practices.
  • At least 8 years’ experience with a minimum of 3 of the following:
  1. Development of mobile applications, RESTful APIs, and web applications.
  2. Design of highly available and highly secure solutions in the financial sector.
  3. Strong experience with AWS, Azure, or GCP.
  4. Design of container-based infrastructures in the cloud.
  5. Secure code review of mobile applications, RESTful APIs, and web applications.
  6. Experience using scanning tools for mobile, API, and web application security testing.

Any of the following certifications and experiences would be a plus:

  • Certifications from AWS, Azure, or GCP related to solutions architecture, development, or security.
  • Cybersecurity certifications, such as OSWE, CSSLP, or GWEB.
  • Speaker at developer or security conferences, such as Devoxx, GopherCon, DEF CON, or BSides.
  • Author of or contributor to F/OSS projects.

Keywords: solution architecture, programming, cloud, API, Kubernetes, Docker, OWASP