Key Responsibilities:

• Lead the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into CI/CD pipelines.
• Conduct API DAST scans and manual assessments to identify and remediate high-severity vulnerabilities across enterprise applications.
• Drive onboarding and implementation of tools such as Checkmarx One, Qualys WAS, and other scanning platforms.
• Collaborate with development and DevOps teams to embed security into the software development lifecycle (DevSecOps).
• Provide technical guidance on secure coding practices and remediation strategies.
• Contribute to security architecture reviews and support threat modelling exercises.
• Maintain documentation of findings, remediation efforts, and tool configurations.
• Effectively communicate vulnerability findings, risk implications, and provide actionable remediation guidance to ensure secure and timely resolution.
• Participate in training sessions and workshops for development teams to promote secure coding practices, raise awareness of common vulnerabilities, and improve remediation effectiveness.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5+ years of experience in cybersecurity, with a focus on application security and DevSecOps.
• Hands-on experience with SAST and DAST tools (e.g., Checkmarx, Qualys WAS, Burp Suite).
• Strong understanding of OWASP Top 10 and secure coding principles.
• Familiarity with CI/CD tools and pipelines (e.g., Jenkins, GitHub Actions).
• Excellent communication and documentation skills.