Role responsibilities:
* Perform security activities, including but not limited to, security design reviews, risk assessments, threat modelling, and vulnerability management and risk mitigation
* Act as the main security point of contact & SME
* Conduct High Level & Low-Level technical risk assessments
* Act as the Security subject matter expert within Agile/waterfall project planning, development, and execution
* Obtain and review all required artefacts as part of the application security framework
* Conduct document and conceptual design reviews
* Experience with DevSecOps (eg CI/CD pipelines), developing security requirements
* On-demand Security assessment of various components like Web apps, Containers, Cloud Platforms etc
* Reviewing security assessment reports and create a remediation pipeline
* Experience in web application security assessments like SAST, DAST and IAC etc.
* Drive security evaluation early in the cycles through iterative security testing
* Provide advisory services and direction to development teams during development cycles
* Manage control exemptions/remediations identified through projects
* Advise on external regulatory requirements
* Provide metrics for relevant areas of responsibility when required
* Challenge stakeholders to ensure security is efficiently delivered
* Mediate between development and security teams to facilitate business.