In this role, you will be responsible for:
Collaborate closely with all Tipalti development teams to build and govern security from day one to production, following best practices.
Perform application security assessments, including architecture design reviews and threat modeling.
Provide secure software guidance and act as a business enabler to cross-functional teams, including product, engineering, etc.
Design, build, and implement best-in-class application security solutions.
Lead and promote security audits, vulnerability assessments and code reviews.
Develop software security guidance, including training material, best practices, secure coding checklists, and reusable code.
Validate ongoing compliance with policies and procedures in support of regulations.
Raise the overall security awareness for the Secure-SDLC and define training roadmaps based on needs.
Work with different entities in the company to ensure S-SDLC compliance with company rules and industry standards.
Review & manage security issues identified in products, analyze severity and risk, and provide recommendations for remediation.
Establish, manage, and lead a bug bounty program
3+ years of security architectural experience, conducting threat modeling and design reviews of complex products – Must.
2+ years of experience in the development of SaaS applications – Advantage.
In-depth knowledge of security architectural considerations from an end-to-end security perspective.
Expertise in building and implementing security policies, serving as a single point of contact for security in all S-SDLC tasks, challenges, and requirements.
Understanding of the OWASP Top 10 application security risks and proficiency in addressing them.
Knowledge of cloud-native infrastructure architecture (containers, Kubernetes).
Solid knowledge of Cloud Security Architecture, particularly AWS and Azure.
Knowledge of microservice architecture, web technologies, and APIs.
Excellent communication skills, with the ability to communicate and present effectively to stakeholders at all levels, from developers to senior management.
Hands-on experience with at least 2 Application security tools such as SAST, API Security, DAST, WAF.
