Application Security Specialist
Posted on 11/9/2023
Learning and upskilling platform
Degreed empowers growth and innovation through lifelong learning. As a changemaker on a global scale, they help identify skills and build the skills to drive individual growth and business results.
Later Stage VC
Growth & Insights
6 month growth: -5%
1 year growth: -8%
2 year growth: -19%
Remote in USA
Google Cloud Platform
IT & Security
- 5+ years of overall experience in information security, including 3+ years in the application security field and 1+ year in cloud security.
- Background in application security basics and a working knowledge of the OWASP Top Ten exploitation paths and the control mitigations that protect against them. Cloud security experience preferred.
- Knowledge and experience with the configuration of security controls and secure migration of enterprise applications to one of the major cloud providers such as Azure (preferred), Amazon Web Services, or Google Cloud.
- Experience with defining and integrating Security Architecture standards and Secure SDLC across the organization. A general understanding of old and new development patterns: release cycles, CI/CD, code check-in and review. Demonstrated knowledge of build concepts like pipelines, runners, and security checks early in the build lifecycle. A background in container build environments.
- Demonstrated experience conceptualizing and thinking about threat assessments and threat modeling, both in the release cycle and in containerized environments. Experience with vulnerability management.
- Exposure to delivering results in an agile environment driven by priorities.
- Some development background, such as building applications in at least one language in recent history, and an understanding of the complexities of building in modern languages.
- Ability to work effectively in a virtual environment where key team members and partners are in various time zones and locations.
- A cybersecurity certification would be highly advantageous (Security+, SSCP, CISSP, CISM, CCSP, CSSLP, CEH, etc.)
- Support the design of proactive application security frameworks to ensure the secure architecture and development of business solutions. This includes frameworks for performing consistent application security assessments, threat models, as well as the development of secure design patterns and development standards.
- Strong technical understanding of all security domains to help secure the Cloud environment, focusing on maturing the ability to protect assets and applications by applying controls around the four pillars of prevent, detect, respond and remediate.
- Join forces with our brilliant Security Engineering team to define and integrate Security Architecture standards and Secure SDLC across the organization, ensuring our security practices stay top-notch and our products remain unbeatable.
- Act as a key player in assisting the DevSecOps team with Degreed’s large-scale CI/CD pipelines and help design high-tech security practices for our cloud and container release platforms.
- Conduct application security assessments and threat modeling, and be involved with application design.
- Proactively communicate design and development principles to appropriate stakeholders.
- Empower and inspire our team of developers, architects, and others through training in secure coding and design principles to build the most robust and secure applications possible.
- Build an application security program to allow internal teams to improve security designs and reduce vulnerabilities found after development of code.
- Automation and standardization of all applicable processes.
- Adaptability: Comfortable working in a dynamic environment with constant change and ambiguity.
- Interpersonal Skills: Ability to build strong relationships with development, software architecture, and product management stakeholders.
- Cloud Knowledge: Familiarity with popular cloud provider solutions (such as Azure, AWS, GCP) and cloud orchestration tools (like Kubernetes).
- OWASP Understanding: In-depth comprehension of the OWASP Top 10 and the ability to effectively communicate security concepts with developers and application architects. Previous experience in development or software architecture is preferred.
- Security Assessments: Expertise in conducting cloud architecture reviews, application risk assessments, and threat modeling to identify potential security risks.
- SDLC Integration: Experience in integrating security controls into all stages of the Software Development Life Cycle (SDLC), including automating security measures into CI/CD pipelines.
- Risk Analysis: Ability to analyze business impact and exposure based on emerging security threats, vulnerabilities, and risks. Capable of recommending suitable technologies and solutions to mitigate those risks.
- Effective Communication: Skill in translating technical concepts into plain language to effectively communicate business risks and requirements to both technical and non-technical stakeholders.
- Collaboration: Collaboration with developers and software architects to adjust designs and ensure they meet business and technical requirements securely.