Application Security Director
New York, NY
Roles & Responsibilities:
- Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house developed applications and various legacy and modern systems within data centers and the cloud.
- Lead and mentor a team of AppSec professionals across the DevSecOps, SAST/DAST, Software Composition, and SDLC disciplines.
- Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
- Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
- Define and report on AppSec assessments utilizing the Common Vulnerability Scoring System (CVSS) classifications and standards.
- Fully understand business requirements and work with business stakeholders to define appropriate solutions for security objectives while meeting the business need.
- Aware of Azure, OpenShift, Docker, Kubernetes – bringing security tooling to DevOps and driving tool chain automation
- Have experience evaluating, building, deploying, and managing best-in-class commercial and open-source application security testing tools at enterprise scale.
- The focus will be on managing application security testing tools (commercial and open source) and vulnerabilities discovered, improving scan policies and coverage, bringing in new and appropriate security tooling, and integrating security tools into DevSecOps
- Bachelor’s degree in Computer Science, or related discipline, or equivalent work experience.
- Typically a minimum of ten years’ related work experience in Information Security, preferably with at least 7 years of experience in Application Security.
- Strong interpersonal skills, including executive communication to senior leadership
- Experience in software development in a prior role is a big plus; should have experience in application pen testing and SAST/DAST methodologies.
- Security certifications (CEH, CCSP, CISSP, OSCP) are also a plus