Responsibilities
Compliance & Threat Modeling: Determines the security and privacy requirements of an application, providing guidance and performing formal threat modeling specific to the codeless architecture and integration points.
Security Assessment: Assesses the security of applications through Dynamic Application Security Tests (DAST) and formal penetration tests on both internal and external-facing components and APIs.
Access Control Design: Defines the role-based access control (RBAC) strategy, including definitions of sensitive data access and the permissions granted at the environment and module level.
Regulatory Alignment: Ensures the application adheres to corporate policies and external regulatory mandates, such as GDPR, SOC 2, and financial-services compliance requirements.
Security Documentation: Creates and maintains documentation for security controls, audit strategies, and compliance reporting.
Qualifications
Experience: 3+ years of experience in application security, risk management, or compliance engineering in an applicable industry (finance, insurance, or public sector).
Testing Skills: Experience conducting security testing, code analysis, and vulnerability management.
Platform Knowledge: Familiarity with cloud security principles on platforms such as AWS and Azure, and with enterprise security architecture components such as API gateways and encryption standards.
Compliance Depth: Deep understanding of regulatory requirements (PII, data sovereignty, and audit trails).
Communication: Ability to clearly communicate security risks and remediation requirements to both technical builders and executive risk management stakeholders.