Seeking a motivated and collaborative security leader to run our rapidly growing application security team and our secure development lifecycle program. The person in this role will also lead in building the application security strategy, design, deployment, and operations of all of our systems. This role requires impeccable interpersonal skills as well as a deep understanding of architecture and products.
The role holder must be technical and collaborative with an ability to influence technology leaders to build security into the Software Development Lifecycle.
Create a relevant strategy and vision for application security to ensure the reduction of risk on the applications.
Refine and drive widespread adoption of our secure development lifecycle process
Build partnerships with other development teams, be a source of expertise in security best practices.
Recruit, mentor and grow your team of application security analysts
Develop and deliver engaging and memorable security trainings
Project manage all application security team initiatives and
Manage enterprise-wide penetration tests
Provide detailed guidance and support to teams in application vulnerability remediation
Guide your team in selecting and implementing automated application scanning, static analysis and related tools
Perform threat modelling, architecture and source code reviews.
Provide application security guidance on cloud environments as well as non-cloud environments
Communicate relevant metrics and trends to the technology leadership team.
Ensure stakeholder satisfaction
Security leaders with deep empathy and a passion for helping others grow
Generalists who love learning new things and concocting creative security solutions for novel and risky functionality
5+ years of prior team lead or people management experience
7+ years’ experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modelling
Experience with AWS, Java, Python, Ruby, and other modern open source languages and tools
Experience with static code analysis tools (Fortify)
Experience with dynamic code analysis tools (WebInspect)
Deep understanding of common web application attacks