Position: Application Security Director
Department: Information Security and Direct to Consumer
Contract: full-time
Position overview:
The Director, Application Security will work closely with the company's Information Security and Direct to Consumer teams on initiatives to protect data, services, and technology assets, and to design and deploy appropriate, risk-based application security safeguards and technical application security controls.
The Director of Application Security will be a valued partner to development and engineering teams to ensure secure architectures, patterns, and solutions are created and maintained.
This person will be the subject matter expert for secure code development and will work with various application engineering teams to develop alternatives for remediation of vulnerabilities.
Qualifications Required:
- 6-10 years’ experience with application security
- Experience with public cloud environments (IaaS, PaaS, SaaS) and familiarity with application security tools such as BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux
- Experience in application development with at least one modern programming language
- Knowledge of OWASP
- Knowledge of DevOps and Agile methods
- Experience working with Agile development/Scrum teams and enthusiastically incorporating security requirements into the SDLC (CI/CD) with product owners/managers
Key responsibilities:
- Create and run secure code assessments with various application and services engineering teams
- Run, maintain, and utilize security tools for the Appsec program, e.g., static and dynamic code analysis tools
- Perform risk and threat assessments
- Evaluate, deploy and support application security technologies, processes and workflows on multiple platforms (e.g., Server/Client, Mobile, Tablet)
- Develop and execute security assessment test plans, document and present results to customers
- Understand and recommend security controls for the rapid development of consumer-facing prototypes to identify technical options and inform architectural approaches
- Identify and recommend a best-of-breed security stack and controls for interactive consumer experiences across web and mobile devices (i.e., project, customer, and vendor management skills)