Description

Responsibilities include but are not limited to:

  • Develop, manage, and enforce data protection controls to ensure data security is always maintained.
  • Conduct threat modeling for complex applications and platforms
  • Secure code reviews, vulnerability assessments, application security standards and guidelines
  • Deploy, manage, and operate RASP, SAST, DAST, WAF, IAST
  • Develop and implement security measures for AI systems and initiatives
  • Establish API Security Frameworks, standards, and API Security management
  • Develop and manage application & data threat modeling and lead Secure SDLC efforts including standards
  • Define Identity and access controls with regards to applications, platforms and data
  • Update and maintain relevant standards and frameworks to ensure continued safeguarding of company assets, including sensitive data
  • Familiarity with PCI-DSS requirements and e-commerce security requirements, and establish standards to secure the e-commerce platform
  • Familiarity with authentication & authorization technologies such as OAuth, SAML, JWT, and federation, and drive standards for consumer platforms in alignment with business requirements


Experience And Qualifications Of The Role
 

  • Minimum 10+ years of experience with technology and at least 7 years in Information Security within cloud-native or SaaS technology environments
  • Experience conducting threat hunting, threat modeling in cloud platforms such as AWS, Azure, Oracle, Salesforce, Snowflake and container environments
  • Relevant certifications such as CSSLP, GWEB, GWPAT, and AWS/GCP/Azure Security certifications are desirable.
  • Working experience performing security architecture review, code review, and building security requirements for the introduction of new technologies in a multi-cloud environment including SaaS applications.
  • Working experience leveraging and customizing native & 3rd party security tools to secure multi-cloud environments
  • Hands-on experience working in multi-cloud environment with an understanding of cloud technology components such as networking, segmentation, virtualization, encryption, secrets & key management, serverless, container, Kubernetes and IaC
  • Hands-on experience with cloud/infrastructure traffic analysis, anomaly detection, Web Application Firewall (WAF), RASP, IAM and security automation.
  • Familiarity with security concepts such as secure-by-design, application architecture, Authentication (SSO, SAML, Azure AD), Perimeter security, Micro-segmentation and Zero-Trust.
  • Hands-on experience with Policy as Code (Client) using coding languages such as Python, Go, JavaScript, or YAML.
  • Hands-on experience with security testing tools such as SCA, SAST, DAST and website analysis
  • Extensive experience writing technical and business-friendly security documentation.
  • Strong analytical, problem-solving, and communication skills. Ability to work collaboratively in a dynamic environment and manage tasks with attention to detail.
  • Experience working with developers, product managers, and having some eCommerce experience
  • Experience with Node.js, JavaScript, TypeScript, Python, and .NET


Computer Skills Needed To Perform The Job
 

  • Proficiency in Microsoft O365
  • Strong Excel Skills
  • Strong PowerPoint / Presentation skills


 

Education

Any Graduate