Related skills
threat modeling, api security, sast, dast, sca
📋 Description
- Define lightweight SSDLC with requirements, design checks, and release criteria.
- Own AppSec toolchain: SAST/DAST/SCA, secrets, IaC; tune rules and triage.
- Security code reviews for critical areas; provide remediation guidance.
- Lead API security: OAuth/OIDC, token handling, rate limiting, logging.
- Threat modeling/design reviews for new features; deliver mitigations and tests.
- Manage dependency risk (SCA/SBOM); SBOM generation; assess third‑party components.
🎯 Requirements
- 6+ years in Product Security / Application Security with engineering delivery.
- Strong understanding of OWASP Web & API risks.
- Hands-on CI/CD security: SAST/DAST/SCA; triage findings; remediation.
- Comfortable reading code in Java, C++, Go, Python, Node.js.
- Cloud-native delivery: microservices, containers, CI/CD, IaC, observability.
- Strong communication to translate risk into actionable engineering tasks.