- Set strategy and provide technical direction to the AppSec Red team to run capabilities such as application threat modeling, manual secure code review, advanced threat hunting techniques and container security
- Run day-to-day operations, including performing AppSec threat modeling on application design architectures, manual secure code review of in-house developed applications, and advanced penetration testing techniques to identify vulnerabilities that cannot be reported by automated DAST scanners
- Lead a robust team of AppSec Consultants and AppSec Specialists and coordinate with various partners and vendors as part of the AppSec ecosystem.
- Assist with executive communication to senior leadership teams on the status of Application Security Red team programs.
- At least 10 years of multifaceted IT experience, preferably with information security and related experience
- Exposure to application security vulnerabilities (as listed in the OWASP Top 10 and SANS Top 25), security testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more
- Understanding of how authentication and authorization mechanisms are implemented programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)
- Experience working with DAST, SAST, and Penetration testing tools
- Experience with Application development build pipelines, automation, and CI/CD
- Experience with Threat Modeling
- Knowledge of large-scale cloud-based services and container security, and a very good understanding of the security challenges involved in deploying cloud and container applications
- Experience in facilitating technical conversations between engineering and operations teams.
- Experience handling relationships with and addressing senior management
- Strong planning and project management skills