Application Security Lead

Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) 8+ years of technical security experience in a top-tier software company Hands-on experience with threat modeling, security design, security architecture, cryptography, mobile security, cloud computing technologies, and security products Expert understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) Deep knowledge of the e-commerce transaction lifecycle and PCI DSS compliance Proven track record of driving SDL processes, technology, and automation in DevOps/DevSecOps environments Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

Lead enterprise-wide projects and define strategic direction for secure development lifecycle (SDL) practices Conduct security design reviews and threat modeling for mission-critical services Establish secure architecture standards, frameworks, and resilient security patterns Evaluate, prototype, implement, and govern core security tools (DAST, SAST, SCA, WAF, Secrets Management) Discover and analyze emerging security threats and implement centralized mitigations Maintain knowledge of current security threats and operational best practices Drive security assessment, penetration testing, and bug bounty programs Ensure application security practices adhere to PCI DSS requirements Participate in security incident response activities as a technical leader