Application Security Specialist

Gözen Digital Aviation

• Work closely with the product teams to understand our products in depth to document the product details including the security architecture, attack surface, trust boundaries and data flows.
• Assist in develop Threat Models that enumerate cybersecurity threats by attack surface. Document and verify the existing security mitigations and identify if additional mitigations are required for our products.
• Lead the documentation of product cybersecurity requirements, cybersecurity risk analysis, verification and validation protocols.
• Work with the product teams to define security mitigations, provide guidance during mitigation development.
• Develop and implement security test and verification scripts for testing web, iOS, Android and REST API.
• Develop policies and procedures to standardize security functions and eliminate potential vulnerabilities and threats
• Assist in conducting security verification and validation efforts
• Supports activities, processes and tools needed to improve overall security posture of the organization
• Provide training and leadership to IT personnel (including developers) on security threats and issues, promote security awareness throughout the organization
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system

Profile

• In-depth knowledge of security concepts regarding WEB, Mobile and Rest API security. Understanding of current and emerging security technologies and threats.
• Proficient with methodologies, tools, best practices and processes across various cybersecurity areas.
• Proven experience with threat modelling and risk analysis.
• Ability to gather written and verbal information from multiple sources, assess and consolidate risks to provide appropriate recommendations.
• Hands-on experience with penetration testing and vulnerability analysis frameworks and tools.
• Experience in developing test routines and protocols to validate security mitigations.
• Experience in SDLC process
• CI/CD pipele knowledge
• Preferably experience working with Static Code Analysis Tools and false positive debugging experience.