Application Security Lead

Posted 4 days ago
176534 - 264801 USD per year
US, Full-Time, Ecommerce
Company: iHerb
Location: US
Languages: English
Seniority level: Lead, 8+ years
Experience: 8+ years
Skills:
Leadership, Node.js, Python, Cloud Computing, Cybersecurity, Java, JavaScript, Software Architecture, C# .NET, DevOps, Microservices, Critical thinking, Risk Management
Requirements:
- Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience)
- 8+ years of technical security experience, including hands-on experience with threat modeling, security design, security architecture, cryptography, mobile security, cloud computing technologies, and security products
- Expert understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
- Deep, demonstrable knowledge of the e-commerce transaction lifecycle and expert command of PCI DSS compliance standards
- Proven track record of driving the implementation of SDL processes, technology, and automation in sophisticated DevOps/DevSecOps environments
- Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
- Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, Node.js, Java...)
- Exceptional problem solving, critical thinking, collaboration and communication skills
Responsibilities:
- Lead cross-functional, enterprise-wide projects and define the strategic direction for cutting-edge security development lifecycle (SDL) practices
- Conduct security design reviews and sophisticated threat modeling for new and existing mission-critical services
- Establish secure architecture standards, frameworks, and resilient security patterns
- Evaluate, prototype, implement, operate, and provide governance over core security tools (DAST, SAST, SCA, WAF, Secrets Management)
- Discover and analyze emerging security threats and implement centralized mitigations
- Maintain strong knowledge of current security threats and operational best practices
- Drive security assessment, penetration testing, and bug bounty programs
- Ensure all application security practices adhere to PCI DSS requirements
- Participate in security incident response activities as a technical leader