Application Security Consultant

·  At least 4 years combined work experience in software development, application security, and cloud computing (e.g., AWS)

· Familiar with mobile and web application programming interfaces (API) architecture (e.g., REST, SOAP, SSL/TLS)

· Experience in threat modelling and able to establish threat profiles for application projects to identify, quantify and remediate application security risks

· Strong knowledge of security best practices such as OWASP Top 10, OWASP application security verification standard

· Familiar with Agile development processes, CI/CD, DevOps concepts, tools (Gitlab, Github,Ansible etc) and how automated security testing can be incorporated into CI/CD pipelines

·  Experience on using SAST code scanning tools such as Fortify-on-Demand, Sonarqube, etc.

· Track and address security vulnerabilities with timely remediation and patching processes.

· Conduct security awareness training sessions

·Good verbal/written communication, collaboration skills and experience interactingwith various stakeholders

· Strong analytical, problem-solving, and troubleshooting skills; ability to workindependently

· Relevant certifications preferred (e.g., CISSP, OSCP, AWS security, AWS DevOps Engineer, or equivalent, etc.)

· Experience in working with Government Commercial Cloud (GCC) preferred.