Security Specialist – Application

Security Specialist – Application

Requirements

• 3+ years of experience in cybersecurity, security development, or a related field.
• 1-2 years of experience in application and software architecture, including system integration and security best practices.
• Strong background in IT systems development, network security, and/or cloud security.
• Experience with application security, risk management, authentication systems, security testing, and hardening.
• Familiarity with SaaS industry technologies and security considerations across major cloud providers.
• Strong analytical and problem-solving skills with an ability to think independently and take initiative.
• Comfortability in engaging with senior leadership, developers, product teams, and customers on security strategy and best practices.

Responsibilities

• Establish and enhance security measures across our SaaS platform and its supporting infrastructure.
• Ensure secure API design and implementation, including authentication, authorization, and encryption practices for services and cloud-native architectures.
• Maintain, deploy, upgrade, and troubleshoot cloud network security infrastructure solutions, including hybrid connectivity, firewalls, web application firewalls (WAFs), intrusion prevention and detection systems (IPS/IDS) tools to ensure a resilient and secure environment.
• Deploy, manage, and optimize endpoint security solutions, including antivirus, endpoint detection and response (EDR), virtualized configurations, and device hardening to protect against malware, ransomware, and other threats.
• Implement and manage real-time log monitoring, audit log review, and analysis to detect and respond to potential threats.
• Perform threat modeling, security design reviews, and architecture assessments for SaaS solutions to proactively identify and mitigate security risks.
• Perform routine vulnerability scanning, prioritize remediation activities, and ensure vulnerabilities are remediated in accordance with service level agreements.
• Implement and enforce data protection measures, including encryption, data loss prevention (DLP), and access controls, to safeguard sensitive information and ensure compliance with security and privacy regulations.
• Collaborate with development teams to embed security best practices throughout the software development lifecycle (SDLC), including secure coding, API security, and DevSecOps principles.
• Work closely with the IT team to enforce strong access management controls and prevent unauthorized access.
• Automate security tasks and processes to enhance operational efficiency and reduce manual workload. Develop and maintain automated security testing solutions and integrate security tools within CI/CD pipelines to ensure continuous application security.
• Investigate, analyze, and respond to security incidents related to SaaS applications, ensuring containment, root cause analysis, and documentation.
• Advocate for security best practices across the company, helping to build a strong security-first culture. Provide secure coding training and guidance to engineering teams, ensuring awareness of common vulnerabilities and best practices.
• Support security initiatives through project tracking, maintain the integrated master schedule, and present security updates to agency change boards and leadership.

Preferred Qualifications

• Certifications such as CISM, CCSK, or CISSP are a plus but not required.