Strong experience designing and implementing AppSec programs within DevSecOps, including integration of SAST, SCA, DAST, and related tooling into CI/CD pipelines.
Deep understanding of application security testing approaches (SAST for code analysis, DAST for runtime testing, SCA for open-source risk) and how they complement each other.
Experience with application vulnerability management and metrics, including defining KPIs (e.g., MTTR, severity trends, SLA compliance) and delivering actionable dashboards and executive reporting.
Hands-on experience with enterprise AppSec platforms and ecosystems, in...