M03 - IT Security Officer (Application Security)

Overview

We are seeking an experienced Application Security Consultant to drive secure application development practices, perform security assessments, and support cloud security initiatives. The ideal candidate will have strong expertise in application security, secure SDLC, DevSecOps, threat modelling, and cloud technologies.

Responsibilities

• Perform application security assessments and reviews for web, mobile, and cloud-based applications.
• Conduct threat modelling exercises to identify, assess, and mitigate application security risks.
• Establish threat profiles and recommend security controls for application projects.
• Track, manage, and remediate security vulnerabilities through timely patching and remediation processes.
• Integrate security best practices and automated security testing into CI/CD pipelines.
• Conduct security awareness training and promote secure coding practices across development teams.
• Collaborate with developers, engineers, and stakeholders to strengthen application security posture.
• Support security governance, risk management, and compliance initiatives. 

Requirements

• Minimum 4 years of combined experience in software development, application security, and cloud computing (AWS preferred).
• Strong understanding of web and mobile application architectures and APIs, including REST, SOAP, SSL/TLS.
• Experience in threat modelling and application security risk assessment.
• Strong knowledge of application security standards and frameworks, including:OWASP Top 10OWASP Application Security Verification Standard (ASVS)
• Familiarity with Agile development methodologies, DevOps practices, and CI/CD pipelines.
• Experience integrating security testing into development workflows.
• Hands-on experience with SAST (Static Application Security Testing) tools such as:Fortify on DemandSonarQubeSimilar security scanning platforms
• Strong analytical, troubleshooting, and problem-solving skills.
• Excellent communication and stakeholder management skills.
• Ability to work independently and collaboratively within cross-functional teams.

Preferred Qualifications

• Professional certifications such as:CISSPOSCPAWS Security SpecialtyAWS DevOps EngineerEquivalent cybersecurity certifications
• Experience working with Government Commercial Cloud (GCC) environments.

Key Skills

Application Security | DevSecOps | Threat Modelling | OWASP Top 10 | OWASP ASVS | AWS Security | CI/CD | SAST | Fortify | SonarQube | REST API | SOAP | SSL/TLS | GitLab | GitHub | Ansible | Cloud Security | Vulnerability Management | Secure SDLC | Security Awareness Training | GCC Cloud Environment