IT Application Security Specialist

Job Purpose

1. Application Security Strategy

• Develop and maintain the enterprise Application Security program
• Define and implement secure-by-design principles across all applications
• Establish and monitor key security metrics (e.g., vulnerability reduction, remediation timelines)
• Continuously improve application security maturity

2. Security Architecture & Design

• Design and review secure architectures for applications, APIs, and microservices
• Lead threat modeling activities (e.g., STRIDE methodology)
• Define and enforce security design patterns, including authentication, encryption, and data protection
• Participate in architecture governance and review forums

3. DevSecOps & Secure SDLC

• Integrate security controls into CI/CD pipelines
• Implement and manage application security testing tools (SAST, DAST, SCA)
• Establish secure coding standards aligned with OWASP Top 10
• Automate security validation and enforcement across development pipelines

4. Cloud Security

• Design and implement secure cloud architectures across AWS and/or Azure environments
• Enforce Identity and Access Management (IAM) and Zero Trust principles
• Secure containerized environments (Kubernetes / OpenShift)
• Ensure effective monitoring, logging, and threat detection in cloud platforms

5. Security Testing & Assurance

• Coordinate vulnerability assessments, penetration testing, and application security reviews
• Ensure timely remediation and closure of identified vulnerabilities
• Validate security controls through regular testing and simulation exercises

6. Security Operations Integration

• Collaborate with SOC teams to enhance monitoring and incident response capabilities
• Support SIEM use case development and optimization
• Analyze security trends and proactively identify emerging risks

7. Governance, Risk & Compliance

• Ensure adherence to security standards and regulatory requirements, including:
• PCI DSS
• SWIFT CSP
• ISO 27001
• Support internal and external audits and regulatory assessments
• Develop and maintain security policies, standards, and procedures

8. Stakeholder Engagement & Awareness

• Provide security guidance to development, DevOps, and architecture teams
• Conduct training and awareness sessions on secure coding practices
• Act as a trusted advisor on application security matters

Qualifications & Experience

• Bachelor’s degree in computer science, Cybersecurity, Software Engineering, or a related field
• Minimum
• 8–12 years of experience
• in cybersecurity, with strong focus on:
• Application Security
• DevSecOps
• Cloud Security
• Experience in the
• banking or financial services sector preferred

Technical Skills

• Strong knowledge of:
• OWASP Top 10 and secure coding practices
• Secure SDLC and threat modeling techniques
• API and web application security
• Experience with application security tools:
• SAST, DAST, and SCA platforms
• Proficiency in cloud security (AWS / Azure)
• Knowledge of container security (Kubernetes / OpenShift)
• Familiarity with SIEM, vulnerability management, and security monitoring

Behavioral Competencies

• Strong analytical and problem-solving skills
• Effective communication and stakeholder management
• Ability to influence cross-functional teams
• Strong attention to detail and risk awareness

• CCSP (Certified Cloud Security Professional)

• CISM or CRISC

• CEH (Certified Ethical Hacker)

• Microsoft Azure Security Engineer (AZ-500) or AWS Security Specialty

Additional Information

• This role requires close collaboration with development, infrastructure, and security teams
• The position involves both strategic planning and hands-on technical contributions
• Experience in regulated environments is highly desirable