Umbrella Infocare - Application Security Specialist

Job Description

Job Overview As an Application Security Specialist, youll play a vital role in building secure systems from the ground up. Working closely with engineering, compliance, and DevOps teams, you will ensure our applications meet rigorous security and regulatory standards across global jurisdictions. Your Impact On The Mission Integrate security into the Software Development Lifecycle (SDLC), embedding security controls at every phase. Conduct threat modeling, secure code reviews, and penetration testing for internal and third-party applications. Collaborate with development teams to address security issues across CI/CD pipelines (DevSecOps). Manage and mitigate application-level risks in line with security frameworks and regulatory requirements. Support compliance efforts for GDPR, NIS2, PCI-DSS, and DORA by applying security controls and maintaining evidence. Drive secure practices in the software supply chain, improving defenses against attacks like those seen in SolarWinds. Business Impact Reduces application security vulnerabilities across internal and customer-facing systems. Helps ensure Noventiqs compliance with global cybersecurity regulations. Lowers production defects and remediation costs through early detection. Strengthens resilience of cloud-native and third-party platforms. About What Youll Bring to The Table : About You 5 years in Application Security, including secure development, testing, and DevSecOps. Solid understanding of OWASP Top 10, SAST/DAST, threat modeling, and common attack vectors. Familiarity with CI/CD environments (e.g., GitLab, GitHub Actions, Azure DevOps). Hands-on experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, or similar. Preferred Certifications Certifications Are a Plus, Including OSCP , GWAPT, CISSP, or CSSLP Bonus for Azure Security Engineer (AZ-500) or Certified DevSecOps Professional Frameworks & Compliance Knowledge Of OWASP , CIS Controls v8, ISO/IEC 27001 GDPR , NIS2 Directive, PCI-DSS, DORA Regulation (ref:hirist.tech)