This company’s customers trust that their transactions and private information are secure because of the high standards of security enforced for the company’s technology. The application security program is designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet the company’s ever-changing needs.
The Sr. Manager, Application Security will lead a team to provide updated guidance to the development teams on the current software development security standards, as well as lead the ongoing testing of the security controls of the company’s applications.
- Manage a global team of at least 4 application development security engineers.
- Integrating security tools, standards, and processes into the product life cycle (PLC).
- Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily
- Improving and supporting application security tool deployments including static analysis and runtime testing
- Improving and maintaining secure development
- Supporting the incident response and architecture review processes whenever application security expertise is
- Managing annual penetration testing services, including both expert consulting and managed
- Providing manual penetration testing and standards gap analysis services to internal business and technology
- Managing application framework and perimeter security improvement
- Supporting Vendor Security activities to ensure 3rd‐party software and development meets security
- Integrating threat modeling practices into the product life
- Providing security requirements for test‐driven
- Producing metrics reporting the state of application security programs and performance of development teams against potential impact on the enterprise and on the achievement of scheduled objectives.
- Mastery of programming languages and development tools in C/C++, GNU tool-chain, Linux development environment, embedded system debugging, and scripting in Linux shells.
- Windows Development APIs including C#, .NET architecture, WMI, Active Directory, XML, and Windows Server administration a plus
- A solid foundation in computer science, with strong competencies in data structures, design patterns, object-oriented programming, algorithms and software design.
- Strong fundamentals in operating systems topics (e.g. virtual memory, IPC, processes, threads, kernel, scheduler, I/O, file systems)
- Must have programmed with TCP/IP sockets, be familiar with Ethernet, know the protocol formats and state-machines for ARP, IP, UDP, TCP, TLS.
- Excellent analytical skills with the ability to resolve technical issues as both an independent thinker and team member, with a focus on action and results.
- Ability and willingness to learn new skills quickly
- Flexibility to work in an agile and fluid environment
- Software design and development
- Related experience in the IT Security field
- Project management skills
- Bachelor’s degree in Computer Science, Information Technology, Business or equivalent discipline (OR)
- 8-10 years related experience and/or training; or equivalent combination of higher education and experience
- (5) plus years leading security teams
- (5) plus years performing testing of new and existing applications for security vulnerabilities
- (5) plus years integrating security into development processes
- (5) plus years consulting with development teams on secure architecture and best practices
- (5) plus years developing secure coding training and education
- (5) plus years participating in security operations support and incident handling
- (5) plus years evaluating and recommending new and emerging security products and technologies
- (5 plus years) Leadership competencies: IT Strategy and governance; IT
- (5 plus years) Quality management; development management;
- (5 plus years) IT Financial management; IT HR management; IT Risk management and Entrepreneurship
- (3) plus years leading global or distributed Application development security teams
- Master’s degree in computer science or Information Technology