
Sr. Manager, Application Security

This company’s customers trust that their transactions and private information are secure because of the high standards of security enforced for the company technology. The application security program is designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet the company’s ever-changing needs.

The Sr. Manager, Application Security will lead a team to provide updated guidance to the development teams on the current software development security standards, as well as lead the ongoing testing of the security controls of the company’s applications.

DETAILED RESPONSIBILITIES/DUTIES:

  • Manage a global team of at least 4 application development security engineers.
  • Integrating security tools, standards, and processes into the product life cycle (PLC).
  • Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily
  • Improving and supporting application security tool deployments including static analysis and runtime testing
  • Improving and maintaining secure development
  • Supporting the incident response and architecture review processes whenever application security expertise is
  • Managing annual penetration testing services, including both expert consulting and managed
  • Providing manual penetration testing and standards gap analysis services to internal business and technology
  • Managing application framework and perimeter security improvement
  • Supporting Vendor Security activities to ensure 3rd‐party software and development meets security
  • Integrating threat modeling practices into the product life
  • Providing security requirements for test‐driven
  • Producing metrics reporting the state of application security programs and performance of development teams against potential impact on the enterprise and on the achievement of scheduled objectives.

REQUIRED QUALIFICATIONS:

Skills:

  • Mastery of programming languages and development tools in C/C++, GNU tool-chain, Linux development environment, embedded system debugging, and scripting in Linux shells.
  • Windows Development APIs including C#, .NET architecture, WMI, Active Directory, XML, and Windows Server administration a plus
  • A solid foundation in computer science, with strong competencies in data structures, design patterns, object-oriented programming, algorithms and software design.
  • Strong fundamentals of topics in Operating systems (e.g. virtual memory, IPC, processes, threads, kernel, scheduler, I/O, file systems)
  • Must have programmed with TCP/IP sockets, be familiar with Ethernet, know the protocol formats and state-machines for ARP, IP, UDP, TCP, TLS.
  • Excellent analytical skills with the ability to resolve technical issues as both an independent thinker and team member with a focus on action with results.
  • Ability and willingness to learn new skills quickly
  • Flexibility to work in an agile and fluid environment

Experience:

  • Software design and development
  • Related experience in the IT Security field
  • Project management skills

Education:

  • Bachelor’s degree in Computer Science, Information Technology, Business or equivalent discipline (OR)
  • 8-10 years related experience and/or training; or equivalent combination of higher education and experience

PREFERRED QUALIFICATIONS:

  • (5) plus years leading security teams
  • (5) plus years performing testing of new and existing applications for security vulnerabilities
  • (5) plus years integrating security into development processes
  • (5) plus years consulting with development teams on secure architecture and best practices
  • (5) plus years developing secure coding training and education
  • (5) plus years participating in security operations support and incident handling
  • (5) plus years evaluating and recommending new and emerging security products and technologies
  • (5 plus years) Leadership competencies: IT Strategy and governance; IT
  • (5 plus years) Quality management; development management;
  • (5 plus years) IT Financial management; IT HR management; IT Risk management and Entrepreneurship
  • (3) plus years leading global or distributed application development security teams
  • Master’s degree in computer science or Information Technology




