Job Description

What you will be doing:

• Driving the strategic direction and leading the expansion the Application Security program; efforts will include development and maintenance of application security roadmaps, concept of operations, standards, risk reporting and metrics.
• Leading and/or performing application security vulnerability assessments, penetration testing, executing SAST and DAST scans, focused on mobile and web applications.
• Collaborating with development teams to drive the onboarding of new and existing applications to Veracode SAST and DAST.
• Collaborating with partners (application owners, developers, BISOs, etc.) to ensure vulnerability findings are classified, documented, and managed appropriately. This includes thought leadership as an input into risk management of vulnerabilities that go un-remediated.
• Providing guidance to development teams on vulnerability identification, analysis, and remediation.
• Developing code review guidelines across a variety of programming languages.
• Leading the development and delivery of Application Security Training Programs.
• Handling supplier relationships to include engagement management, SOW generation, invoice management and ongoing operational governance.
• Other security-related tasks that may be assigned.

We want you to have:

• Minimum 8 years IT experience with at least 5 years of experience in application security; specifically, with web and mobile application security.
• Demonstrated experience leading and maturing application security programs.
• Detailed understanding of common code review methods and standards; including OWASP standards and methodologies.
• Knowledge and familiarity with Software Development Lifecycles (SDLC); including both Waterfall and Agile methodologies.
• Detailed grasp of IT security concepts and Defense-in-Depth practices.
• Strong verbal/written communication, with ability to effectively interact with individuals at all levels of responsibility and authority; must be able to prioritize, delegate and foster the development of high performance teams to lead/support an environment driven by customer service and team work; Strong trouble-shooting and organizational skills and ability to work on multiple projects simultaneously; ability to participate in resource planning processes based on defined organizational plans.

Preferred Qualifications & Experience:

• BS in Cyber Security, Information Systems, Information Technology, Computer Science, Digital Forensics, or equivalent subject area
• Knowledge of common security requirements within application development environments and programming languages such as C#.net, ASP.NET, VB.Net, Ruby, HTML, CSS, JavaScript, Objective-C, Swift, Java, Python.
• Experience using security and software development tools (e.g. Veracode, Burpsuite, AzureDevOps, Visual Studio, Android Studio, xCode, Synopsys Security Testing Services, Software Composition Analysis software such as Blackduck and WhiteSource, Qradar).
• Industry Certifications preferred: GWAPT, GPEN, GWEB, CISSP or related.