Senior Security Engineer (Product Security)


Overview

Responsibilities

  • Secure Development Lifecycle (SDLC) Implementation
    • Design and implement secure software development practices
    • Integrate security gates into CI/CD pipelines following DevSecOps principles
    • Establish security quality gates and acceptance criteria
    • Develop secure coding standards based on OWASP guidelines
    • Create security architecture patterns and reference implementations
  • Security Code Reviews & Testing
    • Conduct in-depth security code reviews for critical features
    • Implement automated security testing (SAST, DAST, IAST, SCA)
    • Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc.)
    • Review cryptographic implementations against industry standards
    • Validate authentication and authorization implementations
    • Ensure compliance with OWASP ASVS (Application Security Verification Standard)
  • Threat Modeling & Risk Assessment
    • Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks
    • Create threat models for new products and architectural changes
    • Identify attack vectors specific to web and mobile platforms
    • Develop abuse cases and security test scenarios
    • Maintain threat intelligence for fintech-specific risks
    • Document security requirements derived from threat models
  • Platform-Specific Security
    • Web Applications: Implement defenses against OWASP Top 10 vulnerabilities
    • Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config)
    • APIs: Implement API security best practices (rate limiting, authentication, input validation)
    • Cross-platform session management and secure data storage
  • Security Tooling & Automation
    • Build and maintain security testing pipelines
    • Integrate security tools with GitHub Actions
    • Develop custom security linters and pre-commit hooks
    • Create automated vulnerability tracking and remediation workflows
    • Implement secret scanning and dependency checking
    • Build security dashboards and metrics reporting
  • Developer Enablement & Training
    • Create secure coding guidelines for different technology stacks
    • Develop a security champions program aligned with OWASP SAMM
    • Conduct security training on platform-specific vulnerabilities
    • Provide hands-on guidance during security incidents
    • Build internal security libraries and frameworks
    • Create threat modeling templates and playbooks
  • What the Role Offers
    • Direct impact on the security of products used by thousands of businesses
    • Work with cutting-edge fintech products across multiple platforms
    • Collaborate with talented engineers across 25+ countries
    • Modern security tooling and testing infrastructure
    • Investment in professional development and certifications
    • Clear progression path to Staff/Principal roles
  • Key Projects & Initiatives
    • Build threat modeling practice for all products
    • Establish automated security testing in CI/CD pipelines
    • Create platform-specific security standards and libraries
    • Develop a security training curriculum for 200+ developers

Qualifications

  • Technical Expertise
    • 5+ years of application security experience
    • Strong programming skills in multiple languages (Python, JavaScript/TypeScript, Golang)
    • Deep understanding of security vulnerabilities across web and mobile platforms
    • Hands-on experience with security testing tools and methodologies
    • Expertise in secure coding practices and design patterns
    • Experience with modern development frameworks (React, Angular, React Native, Flutter)
  • Security Domain Knowledge
    • Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS)
    • Understanding of cryptographic principles and secure implementations
    • Experience with threat modeling methodologies
    • Knowledge of authentication standards (OAuth2, OIDC, WebAuthn)
    • Familiarity with PCI-DSS, PSD2, and Strong Customer Authentication requirements
    • Understanding of cloud-native security patterns
  • Code Review & Analysis Skills
    • Ability to identify security vulnerabilities through manual code review
    • Experience with static and dynamic analysis tools
    • Understanding of common vulnerability patterns across languages
    • Knowledge of secure architecture patterns and anti-patterns
    • Ability to provide actionable remediation guidance
  • Professional Requirements
    • Experience in financial services or high-security environments
    • Strong communication skills to explain security risks to developers
    • Ability to balance security requirements with development velocity
    • Collaborative approach to working with engineering teams
    • Technical writing skills for documentation and guidelines
    • Experience with payment systems and transaction security
    • Knowledge of mobile app protection
    • Experience building security champions programs
    • Background in penetration testing or security research

Location: City of Westminster, England, United Kingdom
Salary: £100,000 - £125,000
Job Type: Full Time
Category: Engineering