Principal Cybersecurity (App Sec)

Job Posting Start Date: 8 Jan 2025

Location: Gurgaon, HR, IN

Company: InterGlobe Aviation Ltd

IndiGo is India’s largest and most preferred passenger airline and amongst the fastest growing airlines in the world.
We have a simple philosophy: offer fares that are affordable, flights that are on time, and provide a courteous and hassle-free travel experience across our unparalleled network. We show that low cost does not mean low quality. With our fleet of over 320 aircraft, we operate well over 2000 daily flights, connecting over 118 destinations (of which 32 are international), welcoming 100 million customers on board last year. We have an industry-leading on-time performance and one of the highest customer NPS in the Indian market. At IndiGo, we will continue to extend our scope by spreading our wings internationally, developing from a domestic carrier to a global aviation giant.

Job Description

Job Summary

We are seeking a skilled and passionate Security Professional to join our team. The ideal candidate will be responsible for conducting vulnerability assessments, performing penetration testing, and driving the implementation of secure development practices. This role requires a strong understanding of security frameworks, emerging threats, and the ability to collaborate with cross-functional teams to ensure a robust security posture.

Roles & Responsibilities

  • Conduct comprehensive vulnerability assessments on infrastructure, applications, and networks.
  • Prioritize vulnerabilities based on risk levels and provide actionable remediation plans.
  • Develop and maintain a robust vulnerability management lifecycle.
  • Perform manual and automated penetration tests on web applications, APIs, mobile apps, and networks.
  • Simulate real-world attacks to identify security weaknesses and validate controls.
  • Research and integrate emerging tools and techniques to enhance testing capabilities.
  • Integrate security controls into CI/CD pipelines to ensure secure software development practices.
  • Automate security testing processes, including static and dynamic code analysis.
  • Conduct in-depth security reviews of applications, including source code reviews and architecture analysis.
  • Advocate for security-by-design principles across all stages of the SDLC.
  • Develop and implement long-term strategies to improve overall security posture.
  • Engage in threat modeling and risk assessment for critical assets.
  • Conduct secure configuration reviews and ensure secure application architectures.
  • Support the development and implementation of secure coding practices and frameworks.
  • Review and implement controls such as SCA (Software Composition Analysis) and SBOM (Software Bill of Materials).
  • Document findings, write detailed reports, and present results to technical and non-technical stakeholders.
  • Ensure compliance with industry security standards (e.g., OWASP, NIST, ISO 27001).
  • Lead and mentor team members to achieve organizational objectives.
  • Provide guidance during incident response and post-breach analysis.
  • Collaborate with cross-functional teams, including IT, DevOps, and compliance.

Skills Required

  • Strong expertise in vulnerability assessment, penetration testing, and security tools.
  • Proficiency in frameworks like MITRE ATT&CK, OWASP Top 10, and secure SDLC principles.
  • In-depth understanding of secure coding practices and secure application architecture.
  • Knowledge of automation tools for static and dynamic code analysis.
  • Excellent threat modeling and risk assessment capabilities.
  • Familiarity with SCA and SBOM controls.
  • Strong documentation and reporting skills for both technical and non-technical audiences.
  • Ability to mentor and lead teams effectively.
  • Up-to-date knowledge of emerging threats, vulnerabilities, and security technologies.

Experience & Qualification

  • Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 15+ years of experience in cybersecurity, vulnerability management, and penetration testing.
  • Hands-on experience with security standards such as OWASP, NIST, ISO 27001.
  • Certifications like CISSP, OSCP, CEH, or equivalent are highly desirable.
  • Proven track record of implementing security controls in CI/CD pipelines.
  • Experience in incident response and post-breach analysis is a plus.

At IndiGo, we believe in the innate strength of an energetic, diverse, and inclusive workforce, where the viewpoints and life experiences of our employees help us foster a strong connection with all our customers. Our diversity, equity, and inclusion efforts are designed to attract, nurture, and advance the lives of our employees and customers irrespective of, but not limited to, their gender, race, color, religion, caste, creed, ethnicity, origin, language, social and economic status, sexual orientation, disability, nationality, age, and marital and maternity status.

IndiGo does not charge fees for Job Interviews, Registration, Verification or Offer Letters. All Official communication will be from verified IndiGo IDs (e.g., xxx@goindigo.in). Please report any fake job offer to eco.goindigo.in