• You will be the primary security engineer for software products and act as the point of contact for engineering and security.  
• Preparation of security requirements based on company policies and security standards (e.g. OWASP ASVS).  
• Design, build and review security-related services and functions of web applications and mobile services.  
• Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon or similar tool).  
• Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications.  
• Collaboration with product & development managers on the assessment and prioritization of security-related tasks in the development backlog.  
• Improvement of the adoption of security best practices in testing, automation, and continuous integration pipelines. 

• 3+ years of related technical experience in Product Security Architecture or Engineering.  
• 3+ years of experience in Cloud Platforms: Azure(preferred)/AWS.  
• 3+ years of demonstrated experience in the Secure SDLC approach. Ability to describe goals, steps, approaches, etc. Possess the ability to lead the implementation of security controls in the development team.  
• Experience in implementing and verifying OWASP ASVS.  
• Experience in conducting threat assessments, building threat models, and creating remediation plans/requirements based on the results of threat assessments.  
• Experience in risk management, its purpose, and approaches.  
• Solid knowledge of OWASP Top 10 and understanding of OWASP testing guide.  
• Ability to develop and conduct security pieces of training and workshops (e.g., General security training, threat modelling).  
• Proficiency in communicating over a text-based medium (MS Teams, Jira/Confluence, Email) and ability to concisely document technical details.  
• Excellent interpersonal and verbal communication skills.  

• Specialist / Professional Certified.

#LI-YD1