- Regularly review and monitor security across all applications, APIs, mobile systems (including penetration testing, vulnerability scanning, etc.)
- Champion security awareness of Flo's best practices across all Engineering teams while implementing regular training specific to web apps.
- Discuss security requirements with product teams, participate in the vulnerability disclosure program, and create security checks for pipelines
- Vendor security assessments (Automated via OneTrust)
- Managing security risks effectively and responding quickly in the event of a breach
- Developing POC exploitation scripts for known vulnerabilities (this doesn't need to be at an advanced level)
- Familiarity with MITRE Top 25, CVSS & OWASP frameworks
- Ability to write remediation steps for vulnerabilities & weaknesses
- Experience with SAST and DAST tools
- Demonstrable experience triaging vulnerabilities with engineering teams
Required Skills & Abilities
- 3+ years of experience within Application Security (iOS & Android).
- Manage, maintain, and enhance the configuration of application security toolsets including static code analysis, open-source component analysis, and container analysis.
- English (B2+)
- Working knowledge of software security tools, including Snyk, Burp Suite, Kali Linux, Metasploit, etc.
- Excellent written and verbal communication skills.
- Must be able to use Jira and Confluence.
- Applicable STEM or Cyber Security degree
- Industry certifications OSCP, CEH, eWPT, CEPT, CMWAPT