Key Responsibilities
- Conduct security-focused code reviews and identify vulnerabilities, including on legacy PHP code.
- Implement and maintain static and dynamic code analysis tools (e.g., SonarQube, Semgrep, Checkmarx, Fortify, AppSec).
- Perform penetration testing and security analysis using tools like Burp Suite, OWASP ZAP, Acunetix, etc.
- Integrate security into CI/CD pipelines with GitLab CI/CD, Jenkins, GitHub Actions.
- Automate security checks before production deployment and generate reports that guide developers in fixing vulnerabilities and provide recommendations.
- Utilize efficient and fast local AI tools to detect vulnerabilities and propose solutions.
- Educate developers on security best practices and Secure Coding principles.
- Keep up-to-date with cybersecurity threats and suggest improvements.
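The pipeline gate and developer report described in the responsibilities above, as an added example (not code from the job posting or from any of the tools it names): it consumes Semgrep's `--json` output, blocks the deployment when any finding is at or above a chosen severity, and renders a Markdown summary grouped by file so developers see the rule, CWE and offending line together. The embedded JSON, including the rule IDs, file names and snippets, is constructed sample data with the shape Semgrep emits; in a real job you would replace it with the scanner's output file.

```python
"""Gate a deployment on Semgrep findings and produce a developer-facing report.

Added example, not from the job posting. Parses `semgrep --json` output,
fails the pipeline step when findings reach a severity threshold, and builds
a Markdown report grouped by file. The sample JSON below is constructed.
"""
import json
from collections import defaultdict

SEVERITY_RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}

# Constructed sample of `semgrep --json` output: two findings in legacy PHP.
SAMPLE_SEMGREP_JSON = json.dumps({
    "results": [
        {
            "check_id": "php.lang.security.injection.tainted-sql-string",
            "path": "legacy/user.php",
            "start": {"line": 42, "col": 5},
            "end": {"line": 42, "col": 60},
            "extra": {
                "severity": "ERROR",
                "message": "User input flows into a SQL string; use prepared statements.",
                "lines": "$q = \"SELECT * FROM users WHERE id=\" . $_GET['id'];",
                "metadata": {"cwe": ["CWE-89: SQL Injection"]},
            },
        },
        {
            "check_id": "php.lang.security.md5-used-as-password",
            "path": "legacy/auth.php",
            "start": {"line": 17, "col": 9},
            "end": {"line": 17, "col": 30},
            "extra": {
                "severity": "WARNING",
                "message": "md5() is not a password hash; use password_hash().",
                "lines": "$hash = md5($password);",
                "metadata": {"cwe": ["CWE-328: Use of Weak Hash"]},
            },
        },
    ],
    "errors": [],
})


def parse_findings(raw_json):
    """Flatten Semgrep JSON results into plain dicts with the fields the report needs."""
    data = json.loads(raw_json)
    findings = []
    for r in data.get("results", []):
        extra = r.get("extra", {})
        findings.append({
            "rule": r["check_id"],
            "path": r["path"],
            "line": r["start"]["line"],
            "severity": extra.get("severity", "INFO").upper(),
            "message": extra.get("message", ""),
            "snippet": extra.get("lines", "").strip(),
            "cwe": extra.get("metadata", {}).get("cwe", []),
        })
    return findings


def should_block(findings, threshold="ERROR"):
    """True when any finding is at or above the threshold severity (the deploy gate)."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(f["severity"], 0) >= limit for f in findings)


def render_report(findings):
    """Markdown report grouped by file, most severe finding first within each file."""
    by_file = defaultdict(list)
    for f in findings:
        by_file[f["path"]].append(f)
    out = ["# Security scan report", ""]
    for path in sorted(by_file):
        out.append(f"## {path}")
        ordered = sorted(by_file[path], key=lambda x: -SEVERITY_RANK.get(x["severity"], 0))
        for f in ordered:
            cwe = ", ".join(f["cwe"]) or "n/a"
            out.append(f"- **{f['severity']}** line {f['line']} `{f['rule']}` ({cwe})")
            out.append(f"  - {f['message']}")
            if f["snippet"]:
                out.append(f"  - `{f['snippet']}`")
        out.append("")
    return "\n".join(out)


def main():
    """Exit non-zero so a CI job (GitLab CI, Jenkins, GitHub Actions) fails before deploy."""
    findings = parse_findings(SAMPLE_SEMGREP_JSON)
    print(render_report(findings))
    if should_block(findings):
        print("Blocking deployment: ERROR-severity findings present.")
        return 1
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

In a pipeline the script runs after `semgrep --json -o semgrep.json .`, reads that file instead of the constructed sample, and the report is published as a job artifact; the non-zero exit code is what actually stops the deploy stage, so keep the threshold decision in `should_block` rather than in the report text.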
Required Skills
- Proficiency in common programming languages (Python, JavaScript, PHP, C#, SQL).
- Strong experience in security testing and code auditing.
- In-depth knowledge of OWASP standards, the CWE/SANS Top 25, ISO 27001 and NIST frameworks.
- Good understanding of cryptography and secret management concepts.
- Ability to work with vulnerability management and monitoring tools.
- Proven experience in cybersecurity, code review, and DevSecOps.
- Ability to simplify security concepts for technical teams.
- Strong analytical and problem-solving skills.