4 years in Application / Product security or software engineering with a strong security focus.
Hands-on depth with modern SDLC/DevSecOps in cloud-native environments: microservices, APIs, containers/Kubernetes, serverless, IaC (Terraform/CloudFormation/ARM/Bicep), and CI/CD integration.
Practical expertise operating and tuning SAST, DAST, SCA, API testing, IaC/container scanners, plus CNAPP for multi-cloud.
Scripting/automation proficiency (Python preferred; PowerShell/Bash nice) and REST API integration skills; able to create quick utilities and pipeline jobs to reduce manual effort.
Strong knowledge of OWASP Top 10, ASVS, SAMM, NIST SSDF, CSA CCM, secure design patterns, cryptography fundamentals, authN/Z (OAuth2/OIDC/JWT), and common web/API vulns and mitigations.