The Director, Application Security role is responsible for assuring secure software development across the Company enterprise. To accomplish this, the Director must be able to understand the risks presented by discovered vulnerabilities and garner the respect of the development community by communicating issues without hype and accurately assigning the business risk severity. In addition to understanding and articulating risks, the Director must have a passion for preventing issues by opportunistically educating developers in multiple formats ranging from formal online training to live demonstrations of recently discovered vulnerabilities. Fulfilling this purpose requires talent management that allocates task assignments with an understanding of how to balance efficiency with the need to keep talent engaged, challenged, and growing.
Responsibilities
Application Identification and Review - Is responsible for maintenance, execution, and reporting of the AppSec assurance tasks from Design Review through operating a Bug Bounty program
Standards and Policies - Owns the Application Development Security Policy and is responsible for timely updates, communication, and education
Secure Design - Establishes security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases
Tool Management - Implements and maintains cutting-edge technology to assess and protect applications and cloud environments throughout the SDLC and post deployment
Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community while continuously improving established education programs and distilling results into meaningful metrics
Bug Bounty Program - Operates a responsible disclosure program that appropriately incentivizes and fosters positive relationships with security researchers
Self-Improvement - Committed to continuous education and being a recognized industry leader in Application Security
Governance and Communication - Articulately codifies and communicates the Application Security programs through writing and discussion with all levels of the organization
Knowledge and Experience
University degree(s) in Computer Science, Engineering, MIS, CIS, or related discipline required
Minimum 5 years’ experience in Application Security
Management experience of a technical team required
Hands-on experience with information security and related technologies required
Software engineering experience in Java, C++, Python, and/or related languages
Experience with containerization and SDLC
Technical expertise and understanding of AWS and/or Azure cloud platforms
Able to demonstrate compromise of vulnerabilities to educate and motivate development teams
History of earning the respect and trust of developers and management
Participation and leadership in Application Security consortia such as OWASP and ISSA