Manager of Application Security

Job Overview

Our client in the Elizabeth area of NJ has an excellent opportunity for a Manager of Application Security! 


Hybrid role:  1 or 2 days in the office.


Responsibilities:

  • Lead a team of Security Analysts who perform application security reviews (SAST / DAST) and recommend security solutions to meet current and future needs for applications.
  • Work with Development, DevOps, and other Information Security teams to identify, develop, and maintain automated security and compliance capabilities in support of DevSecOps processes. This includes planning, designing, developing, testing, and releasing of security implementations within applications.
  • Provide leadership and strategy on all matters related to identifying and remediating application vulnerabilities earlier in the SDLC.
  • Drive the development and implementation of application security standards that effectively reduce security risks before product releases.
  • Engage with teams across technology and digital products to understand their needs to build security into technologies and solutions.
  • Demonstrate subject matter expertise (SME) with common web application vulnerabilities, such as the OWASP Top 10 and business logic flaws; ability to explain all vulnerabilities and weaknesses and discuss effective defensive techniques.
  • Manage third-party penetration assessments and ensure that findings are appropriately prioritized and tracked to resolution.
  • Manage internal security champion and developer security training programs.
  • Responsible for mitigating threats and vulnerabilities through a variety of security testing: (1) static testing (scanning code), (2) dynamic security analysis (attacking the application during the UAT stage), and (3) penetration testing (attacking the application in the full ecosystem).
  • Evangelize application security and security testing across the enterprise.
  • Effectively communicate vulnerability risks and remediation methods to business owners, developers, and up to the executive level.
  • Manage, develop, and train staff; develop and monitor goals; conduct annual performance reviews; and administer salaries for the staff.
  • The information above is intended to describe the general nature of the work being performed by each incumbent assigned to this position. This job description is not designed to be an exhaustive list of all responsibilities, duties, and skills required of each incumbent.


Requirements:

  • 10 years of application security or application development experience, or a Master's degree and 7 years of experience.
  • Minimum of 2 years of management or Team Lead experience.
  • Certified in one or more of the following: CISSP, SANS certifications, OSCP, programming certifications, or similar.
  • Strong knowledge of one or more of the following programming languages: Java, JavaScript, C#, C, C++.
  • Strong knowledge of automation tools such as Jenkins, Ansible, Chef, and Puppet.
  • Experience using scripting languages (e.g., Python, PowerShell, Ruby) to automate tasks and manipulate data.
  • Experience assessing and securing open-source software components.
  • Solid understanding of applied cryptography, web security, TLS/SSL, and web authentication protocols such as OAuth, OpenID Connect, and SAML.
  • Experience with security tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, and AppScan.