Description
monday.com is looking for an application security expert to provide application security services including secure coding techniques and reviews, education & awareness, processes and tools, security testing support, and guidance for internal software development projects. You’ll join our Application Security Team based in our headquarters, in Tel Aviv, Israel.
About The Role
- Provide guidance on security best practices and compliance, and undertake security testing.
- Identify application security risks and requirements for new projects and system developments.
- Sign off on application security prior to live implementation.
- Collaborate with the architecture and development teams to review code for security vulnerabilities and embed/improve security threat modeling and secure coding in the development lifecycle
- Provide technical specialist advice to ensure that security standards are understood and can be complied with.
- Collaborate with 3rd party suppliers to promote secure design and security testing.
- Develop security testing plans and integrate them into the software development lifecycle.
- Perform and oversee security testing and manage remediation of identified vulnerabilities.
- Monitor and proactively report on current threats and vulnerabilities to application security.
- Prepare and monitor application security metrics and KPIs.
Requirements
- 4+ years of experience in software development.
- In-depth knowledge of application security vulnerabilities, testing techniques, and the OWASP framework.
- In-depth understanding of secure web application development.
- Experience in web application and Agile development methodologies.
- Comprehensive knowledge of IT and information security subject matter.
- Exposure to methods of promoting security awareness.
- Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management.
- Anticipates problems and identifies long-term implications of decisions and actions.
- Ability to work alone and build relationships across the organization.
- Able to prioritize workload and drive work to set deadlines.
- Security certifications – CISSP, CISA, CISM (Not a Must).
- Technical certifications, e.g. GIAC ethical hacker, GIAC Certified Web Application Defender, GIAC Web Application Penetration Tester (Not a Must).
- Experience with cloud applications (Not a Must).