Director, Application Security
Our client is looking for a Director of Application Security to oversee a robust team of technology professionals responsible for the security of major Application and SDLC programs. This is a key role in the Information Security group ensuring that software developed by engineers meets security goals and data protections. You will bring deep knowledge in areas of Information Security, Application Security, and Application Development as you drive processes and methods that will reduce products’ security risks.
Further, you will:
- Define application security requirements and business objectives, and communicate these to your team/department
- Identify and explain vulnerabilities and weaknesses, and research/discuss defensive techniques
- Effectively communicate security information to executive leaders, management, team members, and project/portfolio partners
- Oversee project budgets and scope, and participate in resource planning for identified risks
- Manage supply and demand and allocate project/program resources
- Make short- and long-term recommendations on information security strategy, taking into account business requirements, the industry threat landscape, and risk appetite
- Create reports/metrics for review of the application security program as needed
What Gets You the Job?
- 8 to 12 years’ experience leading teams in areas such as security architecture, secure development lifecycle management, application security (web and mobile), cloud security, risk & compliance
- Innovative technical leadership skills with an ability to communicate and improve process
- Experience coordinating with multiple levels of business and technical executives, teams, and engineers in a dynamic environment
- Strong experience with implementing successful SDLC programs with a high level of automation
- In-depth experience in securing infrastructure and data per SOX, GDPR, PCI, and global security mandates
- Prior experience performing threat modeling and integrating related practices into the product life cycle
- Experience with performing architecture and source code reviews for security issues
- Experience with pen testing custom web and mobile applications, complex cloud environments and web services (REST, SOAP)
- In-depth experience with common web application vulnerabilities and business logic flaws
- Experience with application vulnerability scanning products
- Excellent communication skills (written, verbal, presentation)
- Security+, GSEC, CISSP certifications are strongly desired.
- Bachelor's Degree or higher in Computer Science preferred
Send us your resume today!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.