Carry out manual and automated review of source code to identify security vulnerabilities and risks
Implement automated security testing tools (SAST, DAST, IAST) and their deployment within continuous integration systems
Implement hardening and secure framework such as RASP, WAF, safe library, and security decorator functions
Perform vulnerability assessment & penetration testing on web API, front-end service, internal RPC, and mobile application
Attend design reviews and actively lead the discussions from a security standpoint
Analyze possible security incidents related to application security such as payment abuse or sensitive data exposure via web API
Ensure that product security requirements are identified early on and are being baked into all projects
Provide effective recommendations or patches to mitigate security vulnerabilities
Develop in-house tools to integrate with SDLC and to track and derive security metrics
Job Requirements
Bachelor's Degree in Computer Science or equivalent
Relevant professional experience or extensive experience in security activities (e.g. CTF, bug bounty, security research, publications, blog)
Practical knowledge of modern software development such as microservices, application containerization, REST architecture, object-oriented programming, stateless/stateful authentication, and cloud platform
Working knowledge of one or more of these programming languages: Java, JavaScript, Kotlin, C#, Objective-C, Swift
Experience in security code review, vulnerability assessment, and penetration testing.
Knowledge of common vulnerabilities such as OWASP Top 10 and CWE including business logic issues (e.g. IDOR)
Core skill set in two or more of the following areas:
