Must-have skills / project experience
4+ years of hands-on experience in application security / DevSecOps, with strong experience in SAST, SCA, and DAST (and the ability to operate these in CI/CD).
Experience with leading AppSec tools such as Checkmarx, Veracode, Fortify, Burp Suite, OWASP ZAP, Snyk, Mend/WhiteSource, Black Duck, or similar.
Strong understanding of SSDLC, OWASP Top 10, secure coding practices, and common web/API vulnerabilities (authentication/authorization, injection, SSRF, deserialization, misconfiguration).
Experience integrating security controls into Jenkins, GitLab CI, GitHub Actions, Azure DevOps, or similar CI/CD platforms, including pipeline templates, quality gates, and exception processes.
Python proficiency for AppSec automation (e.g., pipeline integrations, parsing/enrichment, and custom checks); experience with scripting to operationalize security at scale.
Hands-on experience designing/buil...