Core Competencies:
Strong grasp of the NIST security framework and associated controls, with the ability to lead architecture-level security discussions with product teams.
In-depth understanding of tiered architectures in both web and mobile applications, including components such as web servers, database servers, firewalls, and network structures like VNETs or VPCs.
Experience with container security practices and tooling.
Familiarity with industry-standard tools for Static Application Security Testing (SAST) and Software Composition Analysis (SCA)—e.g., GitHub Advanced Security (GHAS).
Hands-on experience with Microsoft Azure, including securing both managed and unmanaged services in the cloud; Azure certifications are a plus.
Solid understanding of threat modeling methodologies and the ability to identify vulnerabilities across various interfaces in web applications, enterprise/cloud environments, and mobile app architectures.
Deep knowledge of the OWASP Top 10 application security risks and their mitigation strategies.
Possession of CISSP or CISM certification is highly desirable and considered a differentiator.
Key Skills:
Security Architecture
Threat Modeling
Cloud Security