**Position Summary:** We are seeking an application security professional to evaluate, identify, document, and remediate vulnerabilities across the software development lifecycle, ensuring compliance with security standards.

**Key Responsibilities:**

1. Evaluate and secure applications throughout their entire lifecycle.
2. Implement Secure SDLC / DevSecOps practices.
3. Advise on remediation of findings and secure programming best practices.

**Responsibilities:**

* Assess application security throughout the entire lifecycle, including design, development, testing, deployment, and production handover phases.
* Identify, analyze, and document vulnerabilities, gaps, and threats in source code, solution architecture, APIs, third-party components, configurations, and other elements of the associated technology platform.
* Define, promote, and implement security controls within the Secure Software Development Lifecycle (SSDLC / DevSecOps).
* Execute and coordinate technical security assessments, including SAST, DAST, SCA, secret scanning, and manual testing of web applications, mobile applications, APIs, or other IT components.
* Define and maintain secure development standards, incorporating controls such as input validation, authentication, session management, encryption, and protection of exposed services.
* Advise development teams on remediation of findings and adoption of secure programming best practices.
* Implement security controls for APIs (OAuth2, JWT, rate limiting, WAF).
* Manage the application vulnerability lifecycle, coordinating prioritization, remediation, tracking, and closure with responsible teams.
* Participate in secure architecture and design reviews, performing threat modeling activities, risk analysis, and ensuring compliance with standards such as NIST CSF, OWASP Top 10, CVE, CWE, NIST, CIS Controls, SAMM v2, ASVS v5, OWASP MASVS, Personal Data Protection Law, and internal security policies.

**Experience:**

* Experience in application security, offensive/defensive cybersecurity applied to software, or secure development.
* Proven experience in identifying and remediating vulnerabilities in web applications, mobile applications, APIs (API testing tools: Postman, Swagger/OpenAPI, SoapUI, Burp Suite), and associated components, at both code and architecture/configuration levels (threat modeling tools: Microsoft Threat Modeling Tool, OWASP Threat Dragon).
* Experience implementing Secure SDLC / DevSecOps practices, integrating security controls into development, testing, deployment, and production handover pipelines (GitHub, GitLab, Jenkins, Azure DevOps, or Bitbucket).
* Knowledge of tools such as Checkmarx, Fortify, SonarQube, Burp Suite, OWASP ZAP, GitLab, GitHub, Snyk, or related vulnerability scanning tools for code and infrastructure.
* Experience with development frameworks (Java Spring Boot, Node.js, Angular, Python).
* Knowledge of authentication and authorization (OAuth2, OpenID Connect, SAML).
* Experience implementing WAF and application protection.

**Employment Type:** Full-time

**Salary:** S/.8,000.00 - S/.9,000.00 per month

**Application Question(s):**

* Do you authorize the use of your personal data in accordance with Law No. 29733 to include you in our database and consider you for future selection processes and employment opportunities?

**Work Location:** Hybrid in Santiago de Surco, Lima