Senior Security Specialist

Job Overview:
As a Senior Security Specialist, you will be responsible for ensuring the security of our APIs, mobile applications, and infrastructure. You will lead efforts to identify, analyze, and mitigate security vulnerabilities across our systems, working closely with cross-functional teams to deliver secure and scalable solutions. Your expertise in penetration testing, security analysis, and cloud infrastructure (AWS preferred) will be crucial in safeguarding our assets from potential threats.

Key Responsibilities:

    • Conduct penetration testing and vulnerability assessments on APIs, mobile applications, and cloud infrastructure to identify security weaknesses.
    • Perform in-depth security analysis, including scanning application dependencies and identifying risks related to third-party libraries and services.
    • Review and audit code, configurations, and infrastructure to ensure best security practices are followed and compliance is maintained.
    • Develop and implement security protocols and policies to ensure secure application development and deployment.
    • Continuously monitor, detect, and respond to emerging security threats, and advise teams on preventive measures.
    • Collaborate with developers, product managers, and IT teams to design secure systems, applications, and processes.
    • Stay up to date with the latest security trends, vulnerabilities, and exploits to help refine and adapt security practices.
    • Lead security investigations, including incident response and forensic analysis, as necessary.
    • Work with cloud security tools and AWS services to ensure the security of our cloud-based infrastructure.

Qualifications:

    • At least 5 years of experience in cybersecurity with a focus on application security, API security, and infrastructure security.
    • Extensive experience with penetration testing tools and methodologies (e.g., Burp Suite, OWASP ZAP, Metasploit).
    • Deep understanding of networking, network security protocols, and common security vulnerabilities (e.g., SQL Injection, XSS, CSRF).
    • Experience with cloud security, specifically in AWS (Amazon Web Services).
    • Familiarity with security scanning tools and dependency analysis for vulnerabilities (e.g., Snyk, OWASP Dependency-Check).
    • Proven track record in performing threat modeling, risk analysis, and vulnerability assessments on web and mobile applications.
    • Strong understanding of encryption, authentication protocols, and secure coding practices.
    • Experience with DevSecOps practices and integrating security into CI/CD pipelines.
    • In-depth knowledge of common security frameworks and standards (e.g., OWASP Top 10, NIST, ISO 27001, CIS).
    • Certifications such as CISSP, OSCP, CEH, or equivalent are preferred.
    • Ability to communicate technical information to non-technical stakeholders effectively.
    • Strong problem-solving skills and the ability to work independently.

Preferred Skills:

    • Experience with container security and microservices (e.g., Docker, Kubernetes).
    • Experience with cloud platforms other than AWS.
    • Familiarity with mobile application security testing and securing mobile environments.
    • Experience adopting cloud security tools such as AWS Inspector and AWS WAF.
