Application & API Security Professional

About Marvell

.

Your Team, Your Impact

At Marvell, we are looking for an Application & API Security Professional who will be instrumental in protecting the company s digital assets. The ideal candidate will lead the application security program, oversee the identification and remediation of security vulnerabilities, and report on the effectiveness of the program to IT and business groups.

What You Can Expect

• Provide application security guidance to the IT teams and third parties involved in application development and maintenance.
• Embed security practices into the Software Development Life Cycle (SDLC) and CI/CD pipelines.
• Design Application and API security standards for Marvell, based on OWASP Top 10, OWASP API Top 10 and CIS Top 20
• Perform ongoing governance and follow-through with applications and API owners to ensure implementation of threat-based requirements.
• Establish External web applications and API inventory management and governance at Marvell.
• Develop and implement ongoing monitoring and incident response procedures for the existing and new APIs.
• Validate implementation of application and API security controls against outputs of vulnerability testing tools to enable auditability and verifiability.
• Collaborate with internal development teams to build/advocate security controls in Application Programming Interface (API), performing Threat Modeling, Static Application Security Testing (SAST), Software Composition Analysis(SCA)
• Perform security risk assessments and audits for web applications and APIs.
• Provide recommendations around security measures to protect applications and APIs from threats such as SQL injection, XSS, CSRF, and other OWASP Top 10 vulnerabilities.
• Perform vulnerability risk profiling and prioritization of vulnerabilities.
• Provide insight to management on common API misconfigurations, identify gaps in API development processes
• Support and consult with development and IT support teams in the areas of application and API security. Work with application and IT teams to review the application and API security architecture, API Gateway, WAF, and Firewall policies to block threat actors.
• Educates development team on application and API security procedures and standards
• Stay up to date with the latest security threats, vulnerabilities, and industry best practices.

What Were Looking For

• 8+ years of experience with Bachelor s or Master s degree in Information Technology or related field .
• Knowledge and working experience in application threat modeling and remediation of OWASP API Top 10, CIS Top 10, SANS Top 25, etc.
• Experience conducting risk assessments and performing threat modeling of applications. Strong understanding of security vulnerabilities, web application security, and secure coding practices
• Hands-on experience performing application and API security assessments, static and dynamic security assessments with tools such as Burpsuite, OWASP ZAP, AppScan, WebInspect, Fortify, Veracode, Checkmarx, etc.
• Knowledge of the SSDLC process and its components; Rest API technology and the API Gateway concept.
• Being familiar with issues related to authorization, authentication, or session management (SAML, OAuth, SSO, etc. ).
• Experience with API management platforms, security tools, and security frameworks.
• Experience with service-oriented architectures and web services security.
• Has practical experience in auditing various OS, DB, Networ, k and Security technologies
• Strong understanding of Unix/Linux/Mac/Windows, operating systems, including bash and Powershell
• Relevant certifications (OSCP, CISSP, CSSLP, GIAC GWAPT, CASP) will be an added advantage

Additional Compensation and Benefit Elements

With competitive compensation and great benefits, you will enjoy our workstyle within an environment of shared collaboration, transparency, and inclusivity. We re dedicated to giving our people the tools and resources they need to succeed in doing work that matters, and to grow and develop with us. For additional information on what it s like to work at Marvell, visit our Careers page.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.

#LI-CP1