Work with development teams to ‘shift security left’ and drive security reviews
Perform threat modeling and risk assessments for applications
Provide security requirements to the development teams in the form of security user stories and contribute towards the user stories database
Develop tools and processes to assist modeling, analysis, detection, and prevention of security threats
Design and follow a process to help evaluate third-party vendors from a security perspective
Make necessary updates to the Product Inventory
Requirements:
Mature application security and DevSecOps background
Experience with Cloud Security
Familiarity with one or more Security Development methodologies (e.g., Microsoft SDL, OWASP OpenSAMM, BSIMM)
Familiarity with security threats and attack scenarios, such as the OWASP Top 10 and the MITRE ATT&CK framework
Familiarity with Threat Modeling, hands-on experience with one or more Threat Modeling Tools
Familiarity with one or more tools in the following categories: Static Code Analysis, Static/Dynamic Application Security Testing, Penetration Testing, Intrusion Detection/Prevention
Understanding of main Security-related activities in development such as Security Requirements gathering, Risk Assessment, Security Code Review
Familiarity with security threats, their implementation, and their classification
Understanding of main security concepts and principles
Understanding of main areas of protection and levels of defense