• 2-8 years of development experience in enterprise software, preferably web and database applications, with technologies such as .NET.
• Knowledge of common software vulnerabilities, such as those documented by OWASP.
• Able to communicate technical issues clearly to different audiences.
• SDLC methodologies such as Agile or SAFe.
• This role involves development as well as code maintenance.
• This includes writing code, making changes to code and reviewing the code for security vulnerabilities (candidates do not need experience in reviewing for vulnerabilities, but do need the motivation to learn).
• Security certifications.
• Experience with a software security framework such as BSIMM.
• Experience with an application vulnerability scanner such as WebInspect or a code review tool such as Fortify.
• Exposure to IT risk management.
• Advise developers on secure design and development.
• Develop application security test cases and plans.
• Evaluate application security test reports and advise the development team on how to remediate.
• Execute the secure SDLC process.
Application Security, Code Review, OWASP, vulnerabilities