Application Security Engineer

IT - Software / DB / QA / Web / Graphics / GIS

Job Description

JOB PROFILE

  • Completion of security assessments as defined in the assessment schedule
  • Automate security testing and vulnerability assessments (e.g., SAST, DAST, SCA) within the CI/CD pipeline to ensure secure code is being deployed
  • Ensure the secure configuration and maintenance of cloud infrastructure (AWS, Azure, GCP) in DevSecOps context, focusing on securing cloud-native applications and services
  • Perform Vulnerability Assessments and Penetration Testing for mobile applications, web applications and APIs
  • Collaborate with development, operations and security teams to integrate security practices into the CI/CD pipeline and throughout the SDLC
  • Conduct Architecture Reviews to assess the security of application, network and system architecture. Identify potential weaknesses, security gaps and recommend security enhancements
  • Conduct security reviews of application code and architecture to ensure the implementation of secure design patterns, secure coding practices and effective mitigation of risks
  • Work closely with development, IT and operations teams to establish security controls for all applications and cloud infrastructure. Educate teams on security best practices

APPLICANT'S PROFILE

  • Bachelor's degree in Information Technology / Computer Science / specializing in Information Security or Cyber Security
  • Minimum 2 years of experience in application security, including hands-on experience with SAST, DAST and penetration testing
  • Relevant security certifications (e.g., eJPT, CHFI, CEH, Security+)
  • Strong understanding of security principles and best practices, including OWASP Top 10, SANS Top 25 and NIST standards
  • Experience with common security vulnerabilities and exploits
  • Experience with containerized environments is a plus (e.g., Docker, Kubernetes)
  • Experience with cloud security is a plus (e.g., AWS, Azure, GCP)
  • Excellent communication and interpersonal skills
  • Strong analytical and problem-solving skills
  • Ability to work independently and as part of a team

The successful candidate will be provided with an attractive compensation package, benchmarked against the highest-paying IT organizations in Sri Lanka, along with benefits.

Interested candidates are invited to apply for the position. All applications should be routed through our corporate website.

To apply, please visit www.combank.lk