Job Description
- 1-year contract, renewable
- Hybrid work arrangement
- Government project

Key Responsibilities
- Perform threat modelling and establish threat profiles to identify, assess, and remediate application security risks.
- Review application architectures, APIs, and cloud environments to ensure compliance with security best practices.
- Conduct security testing using SAST tools such as Fortify-on-Demand, SonarQube, and similar solutions.
- Track, manage, and remediate security vulnerabilities through timely patching and mitigation activities.
- Work closely with development, DevOps, and infrastructure teams to integrate security controls into CI/CD pipelines.
- Conduct security awareness training and provide security advisory support to project teams.
- Ensure adherence to security standards and frameworks such as OWASP Top 10 and OWASP ASVS.

Requirements
- Minimum 4 years of experience in software development, application security, and/or cloud computing (AWS preferred).
- Strong understanding of web and mobile application security, API security, and related technologies (REST, SOAP, SSL/TLS).
- Experience in threat modelling and application security risk assessment.
- Familiarity with Agile development methodologies, DevOps practices, and CI/CD pipelines.
- Hands-on experience with security scanning tools such as Fortify-on-Demand, SonarQube, or equivalent.
- Good knowledge of security best practices and secure software development lifecycle (SSDLC).
- Strong analytical, troubleshooting, communication, and stakeholder management skills.
- Ability to work independently and collaboratively within cross-functional teams.

Preferred Qualifications
- Relevant certifications such as CISSP, OSCP, AWS Security Specialty, AWS DevOps Engineer, or equivalent.
- Experience working in Government environments.
- Experience with Government Commercial Cloud (GCC) environments.