Product and Solution Security (PSSE)

Siemens
Bangalore | 2-6 LPA | Posted 29 Apr 2025
FULL TIME
threat modeling
secure coding
Application Security
DevSecOps

Job Description

  • Collaborate with software development teams to integrate security practices throughout the SDLC.
  • Perform security code reviews and analyze vulnerabilities during different SDLC phases.
  • Ensure security requirements are included in the design, development, testing, and deployment stages of software projects.
  • Develop and implement security protocols, guidelines, and standard processes for software development.
  • Conduct threat modeling and risk assessments to identify potential security issues early in the development process.
  • Provide guidance on secure coding practices and remediation of identified vulnerabilities.
  • Work closely with key partners, including product managers, project managers, and business analysts, to support and promote security activities within products.
  • Communicate security risks, issues, and mitigation strategies effectively to both technical and non-technical partners.
  • Foster a security-aware culture within the development teams and across the organization.
  • Implement and manage security tools such as static and dynamic analysis tools, intrusion detection systems, and vulnerability scanners.
  • Stay updated with the latest security tools, trends, and standard processes to enhance the organization's security posture.
  • Assist in the development and implementation of incident response plans and procedures.
  • Participate in security incident investigations and provide expertise in resolving security breaches.
  • Conduct security training and awareness programs for development teams.
  • Promote continuous improvement and knowledge sharing related to application security.

Skills and Requirements:

  • In-depth knowledge of application security, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten).
  • Experience with security tools and technologies such as static analysis tools (SAST), dynamic analysis tools (DAST), and vulnerability scanners.
  • Proficiency in programming languages such as Java, C#, Python.
  • Understanding of DevSecOps practices and integration of security into CI/CD pipelines.
  • Ability to explain complex security concepts to non-technical stakeholders.
  • Strong analytical and problem-solving skills.
  • Collaborative mindset and ability to work effectively with cross-functional teams.

Preferred Certifications:

  • Certified Secure Software Lifecycle Professional (CSSLP).
