We are looking for a talented individual to take full ownership of the application security domain and provide technical leadership to a team within the Security & Compliance Team. In addition, the role involves shaping organization-wide application security best practices, resolving complex security issues, and participating in technical conversations with customers to answer complex security queries and collect new security requirements.
- Drive the application security domain within the organization, and provide technical leadership to the teams working on the application security efforts.
- Research vulnerabilities, and identify how they impact various web and mobile applications developed by the engineering teams.
- Research new technologies and methodologies related to application security and identify how WSO2 can adopt them.
- Provide technical guidance to build security-related tooling and automate the security processes.
- Review peer research and development (e.g. research whitepapers, PRs), security testing reports, software designs, threat models, and provide timely feedback.
- Participate in design and code reviews for products/solutions developed by the engineering teams.
- Develop and document policies, processes, and best practice guidelines to ensure a security-focused SDLC.
- Assist engineering teams to handle security incidents, and train them on security processes, best practices, and vulnerability identification and mitigation.
- Lead discussions with customers related to complex security efforts and issues, and assist community users with security-related questions.
- Monitor external feedback from the customers and community users on the security of WSO2 products, and decide on improvements.
- Devise and implement evangelism approaches such as CTFs to improve security knowledge and create a security culture.
- Participate in security-related conferences such as OWASP, AppSec, and BlackHat and present our research and development to the wider security community.
- Perform any other task related to application security if the need arises.
Key Qualifications and Skills
- BSc/MSc in Computer Science/Engineering/Security, or equivalent. Renowned security certifications such as OSCP, OSWE, and CISSP will be an added advantage.
- 6+ years of relevant industry experience.
- Strong analytical and communication skills.
- Eagerness to learn new technologies, and a passion for application security.
- Expertise in OWASP Web Top 10, Mobile Top 10, API Top 10, SANS Top 25, and threat modeling using a framework such as STRIDE.
- Strong development skills and proficiency in at least one programming/scripting language. Having experience in Java, C#, C/C++, Python, or Bash will be an added advantage.
- Broad knowledge of core computer science concepts, especially web technologies, networking, and cryptography.
- Ability to provide direct feedback on technical and non-technical aspects to team members, handle and resolve conflicts, and manage a team under pressure.
- Ability to work on their own with self-motivation and be able to motivate their team members.
- Ability to divide a bigger task into smaller segments, delegate tasks, and follow up effectively; ability to ensure tasks are completed as specified without micromanaging.
WSO2 was founded in 2005. Our open source, API-first, and decentralized approach helps developers and architects to be more productive and rapidly build digital products to meet demand. Customers choose us for our broad, integrated platform, approach to open source, and digital transformation methodology. The company’s hybrid platform for developing, reusing, running, and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud.
WSO2 employs over 700 engineers, consultants, and professionals worldwide and has offices in the US, the UK, Australia, Brazil, Germany, and Sri Lanka. Today, hundreds of leading brands and thousands of global projects execute over 18.2 trillion transactions annually using WSO2 integration technologies.
Visit wso2.com and follow WSO2 on LinkedIn or Twitter to learn more.