• Conduct dynamic and static application security testing (DAST/SAST) to identify vulnerabilities in web, API, and cloud applications.
• Perform manual code reviews, recommend secure coding practices, and apply fixes to enhance security.
• Execute risk assessments and apply threat modeling frameworks (STRIDE, DREAD) to identify and mitigate security risks.
• Integrate security tools into the CI/CD pipeline to automate security testing using DevSecOps practices.
• Analyze and reduce false positives/negatives from automated security tool results.
• Investigate and respond to application security incidents, collecting evidence and applying remediation.
• Stay updated with industry standards like OWASP Top 10, PCI DSS, NIA, and NIST.

Skills

Certifications:

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• Certified Cloud Security Professional (CCSP)

Tools & Technologies:

• Penetration Testing Tools: Burp Suite, Metasploit, Kali Linux
• Static & Dynamic Analysis Tools: SonarQube, Checkmarx, Fortify
• Vulnerability Management: Tenable.io, Qualys, Rapid7 Nexpose
• DevSecOps & CI/CD Tools: Jenkins, GitLab, Docker, Kubernetes, Terraform
• Cloud Security: AWS, Azure, Google Cloud
• Languages & Frameworks: Java, Python, Ruby, JavaScript, .NET, Angular, React