Job Description
Looking for a person to strengthen application security, helping to establish secure development standards and integrating security into software development processes. The role will collaborate with different technical teams to ensure that applications are kept protected from the early stages.
Responsibilities:
Play a key role in the evolution of the application security program by establishing secure development standards and integrating security into software development.
Work collaboratively with development, DevOps and DevSecOps teams to build in security from the start.
Manage vulnerabilities and keep software updated and protected.
Review open source for potential security issues (OSA/SCA).
Perform and improve code security reviews.
Strengthen the security of APIs (REST, GraphQL).
Develop threat models (STRIDE, PASTA, etc.) for new functionalities.
Collaborate with external teams on penetration testing.
Share security knowledge with the rest of the team.
Requirements:
At least 5 years of experience in application security or a similar position.
Experience with SAST, DAST, IAST and RASP tools, especially Snyk and/or Acunetix.
Experience in vulnerability management and threat modeling (STRIDE, PASTA).
Experience in penetration testing or collaboration with specialized teams.
Knowledge of OWASP standards (ASVS, WSTG, etc.) and secure development principles.
Knowledge of API security (REST, GraphQL).
Ability to read and understand code in PHP, JS, Go, C# and C++ (Unity for desktop and mobile).
Knowledge of application and infrastructure security.
Certifications such as OSCP, GWEB or CSSLP are valuable.
Experience in security applied to Unity or game engines.
Knowledge of cloud security (AWS, AliCloud).
Experience integrating security controls into CI/CD pipelines (GitHub Actions).
Salary
To be agreed