- Conduct application security reviews, threat modeling, code reviews, and risk assessments for new features and product changes.
- Perform and improve SAST/DAST operations, including triage, validation, and remediation tracking within CI/CD pipelines.
- Manage the vulnerability backlog, including maintaining triage criteria, remediation tracking, and escalation paths.
- Perform and coordinate penetration testing and security assessments against web and API surfaces.
- Apply and improve AI security review processes to mitigate risks such as prompt injection, data leakage, and supply chain threats.
- Build and maintain security automations and AI-powered tools.
- Participate in the weekly security on-call rotation.
Python