Position summary
Application Security is a pivotal role within our international information security organisation, with a focus on patient applications. You will be responsible for development and implementation across the Secure SDLC, making an impact on our development teams. Being a key contributor to the development teams requires broad knowledge of the technology stack, preferably in the health care industry. A developer-centric approach is essential, as you will be expected to empathize with and address the needs of our development teams, fostering a culture where security is ingrained in every aspect of our data workflows.
Roles and responsibilities:
Nobody meets all our requirements. However, if you meet some of our main criteria below and have foundational information security knowledge in application development, we'll be more than happy to meet you.
Experience with Salesforce, Mulesoft and AWS environments
Experience with application development security frameworks or guidelines like OWASP, SANS, ENISA, NIST
Stay updated with the latest security threats and trends, particularly the OWASP Top 10 vulnerabilities
Define and apply controls to security best practices (e.g. profiles, roles, permission sets) in Salesforce and other applications
Ensure compliance with GDPR, ISO 27001, NIS2 and other regulations and standards
Conduct security assessments and code reviews to identify vulnerabilities in applications
Implement and manage security tools and continuous information security audit: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA), IaC, container security
Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC)
Provide guidance and training to developers on secure coding practices
Review and help remediate SOQL injection, Cross-Site Scripting (XSS), CSRF, insecure API exposures and other vulnerabilities, and error corrections
Develop and maintain security documentation including risk assessments and mitigation strategies
Define logging and monitoring security needs
Define encryption standards for compliance
Define how API security should work and ensure connected apps (such as Mulesoft) are properly configured
Conduct regular risk assessments and mitigate threats proactively
Communicate security risks and solutions effectively to both technical and non-technical stakeholders
Skills requirements / preferences:
Essential: effective oral and written communication skills in English and Spanish
Experience in the full software development lifecycle, from requirements gathering, design, software development and testing to retirement of systems
Hands-on experience with AppSec tools and security configurations.
Experience with CI/CD scripting.
Familiar with security tools like PMD, Checkmarx, SonarQube, Burp Suite, Salesforce Security Health Check.
Cloud & Infrastructure Security knowledge in AWS, Azure.
Experience with the DAST/SAST/IaC/SBOM tools.
Experience with automation tools.
Experience with hardening infrastructure
Experience with containers and/or Kubernetes
Education requirements:
A bachelor's degree in computer science or comparable knowledge
Valuable certifications:
Certified Secure Software Lifecycle Professional (CSSLP)
Certified DevSecOps Professional (CDP)
CISM, CISSP or relevant security certifications
Full-Time