Job Details
The Application Security Director will oversee Company’s Application Security Program to ensure that risks to critical applications are identified and remediated before they can be exploited. This role is an essential part of Company’s overall information security program and will be charged with improving our application security processes to maintain coverage alongside advancing SDLC and DevOps best practices.
Manage the Application Security team that is charged with assessing applications, both in the cloud and on-prem, deemed critical to Company’s operations.
Work with development and operations groups across Company to implement security controls into the development and build processes.
Propose security controls and process improvements for the SDLCs and CI/CD pipelines that support the various applications across the enterprise.
Coordinate regular third-party tests and assessments of Company applications.
Review reports from third-party assessments, static code analysis tools, and dynamic code analysis tools, then work with DevOps teams to remediate any negative findings.
Establish metrics and reports to track the health of the Application Security program and the individual applications that fall under the scope of the program.
Produce reports for management on a regular basis that highlight risks to individual applications or the program itself.
Propose new vendors, tools, and other budgetary items that could help improve the Application Security program.
Manage and coach the employees on the Application Security team.
Build relationships with development groups, application owners, and DevOps teams to facilitate positive working relationships.
Experience with managing an Application Security program
Knowledge of dynamic and static analysis tools and methods
Experience working with development and DevOps teams to implement security controls into the SDLC and CI/CD pipeline both in the cloud and on-prem
Knowledge of best practice frameworks such as OWASP
Detailed knowledge of application vulnerabilities and the ability to explain both the underlying vulnerability and proposed remediation to stakeholders
Ability to manage third-party vendors
Undergraduate degree in a related field or equivalent experience
Relevant certifications such as CISSP or SANS/GIAC a plus