Must have:
· Extensive knowledge of application architectures, web applications, APIs, mobile applications, desktop applications, and the underlying technology of cloud infrastructure and network
· Experience in securing applications in hybrid and cloud deployments.
· Strong background of application development
· Demonstrated experience in the design and implementation of cloud security controls for IaaS/PaaS/SaaS
· Experience with public cloud providers such as Azure, OCI, etc.
· Practical expertise in introducing security processes/methods/tools in software development.
· Knowledge of application security and secure software development practices: S-SDLC, DevSecOps, OWASP top 10, CWE 25, etc.
· Experience with Application Security Testing (SAST, DAST, SCA, IAST, etc.) and how to embed them early in the development toolchain.
· Hands-on experienced with web application and API protection tools (WAF, API Gateways, Runtime-Application Self-protection, In-app protection, etc.)
· Practical experience with Infrastructure as Code tools (Terraform, Ansible, Azure DevOps , etc.)
· Deep knowledge of cybersecurity concepts such as TLS, PKI, SSO, MFA, modern authentication methods, Reverse Proxy, Application Gateways, cloud encryption, keys and secrets security, NGFW, IPS, DDoS mitigation, etc.
· Fluent English
Work experience:
· 5+ years application security design experience with 3+ years of cloud (Azure)
