Application Security Lead

Job Requirements

REQUIRED QUALIFICATIONS:

* Minimum of Bachelor’s degree IT/IS/Business/Technology (or equivalent and related experience preferred).

* At least one of the major security certifications (ex: CCSLP, CISM, CISSP, CISA, CRISC, CCSK, Certified CISO, PMP, etc.) is HIGHLY preferred or commensurate work experience.

* Minimum of 3 years of Leadership experience leading application security teams and organizations.

* Minimum of 10 years of relevant industry experience as an application security engineer.

* Experience interacting with senior management involving negotiating or influencing on significant matters.

* Several years of experience with managing projects through the full system development lifecycle, leveraging Agile methodologies.

* Several years of experience with technical architecture experience integrating automation into processes and capabilities and early/continuous integration of security through the SDLC.

PREFERRED QUALIFICATIONS:

* Demonstrate consulting skills, with IT Security concepts and strategies, including communication, culture change and performance measurement system design

* Embrace and lead change effectively and cultivate an environment of security driven thinking, innovation, experimentation, rigor, and continuous improvement

* Excellent written, verbal communication and presentation skills with ability to effectively communicate with leadership team

Job Description

The Application Security Lead/Director is responsible for all company infrastructure technology including hardware software telecommunications and phones along with the application of those items to support and enhance business operations and processes. This role ensures that the appropriate technology and infrastructure is available to support the achievement of company short and long-term business goals and objectives. The role develops strategic plans and risk management strategies to support the installation of technology products that reduce costs and/or enhance business performance. This position allocates sufficient resources and manages Information Technology Department staff both in-house and external so that information systems are designed built and operated in a manner that is secure reliable manageable and consistent with the company's business objectives. This person will be responsible for building a global Application Security team and program from the ground up and should have commensurate experience in this area. 

Job Duties

* Define and improve global application security strategy and roadmap, including people, process, and technology.

* Provide application security guidance to IT and Business Owners for various products and technologies.

* Take a leadership role in driving internal security initiatives, including Vulnerability Management, Threat Intelligence, Attack Surface Reduction, and OT/IoT capabilities.

* Identify common security root causes and offer assistance in remediation of application security risk issues.

* Consult and advise with developers and Product Managers to analyze and implement security standards, methods, vulnerability remediation, and security architecture.

* Define and improve Threat vector analysis.

* Facilitation of threat modeling for integrated and complex solutions, and ensuring threat modeling is repeatable across the organization.

* Perform security-focused code reviews.

* Current and hands-on experience deploying and operationalizing Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST) technologies.