Application Security Lead
- Worldwide
- Freelance
The Application Security Lead is responsible for establishing and maintaining robust application security processes. They define security requirements, collaborate with development teams, identify vulnerabilities, conduct security testing, and participate in audits. The role requires knowledge of security standards, system/network security, and software development. Strong communication, analytical thinking, and problem-solving skills are essential. Additional experience in building security infrastructure, cloud security, and relevant certifications are advantageous. The Application Security Lead ensures secure application development and protects against vulnerabilities and threats.
Responsibilities
- Application Security Requirements Definition: Define and implement application security requirements for development.
- Process Development and Collaboration: Collaborate with development teams to establish a robust application security process.
Security Issue Identification and Mitigation: Identify and address security issues and threats throughout the software development lifecycle, including reviewing business requirements, architectures, and designs. - Vulnerability Analysis and Testing: Analyze and identify security vulnerabilities in web and mobile applications through source code review, manual security testing, and dynamic security scanning. Conduct vulnerability assessments, penetration testing, and ethical hacking to assess application security.
- Internal Security Assessments and Reviews: Participate in internal security penetration testing, security audits, and regression reviews.
- External Audits and Certifications: Facilitate external security audits and certifications.
- Integration of Security in Software Development Lifecycle: Ensure security considerations are integrated into all stages of the software development lifecycle.
- Stakeholder Communication and Coordination: Communicate and coordinate with stakeholders to promote a strong application security culture.
