Senior Manager, Application Security

We are seeking an experienced and knowledgeable Sr Manager, Application Security. This position is responsible for overseeing the development, implementation, and management of current and new application security capabilities. Our Sr Manager, Application Security will provide strategic direction, leadership, and operational excellence to protect our organization from cyber threats and ensure the security of our products throughout their lifecycle. The ideal candidate will have a deep understanding of cybersecurity principles, extensive experience in security program management, and a proven track record of success in leading cross-functional teams.

Responsibilities:

• Static Code Analysis (SCA): Establish and maintain a comprehensive static code analysis program to identify and address security vulnerabilities and coding errors in our software code.

• Dynamic Code Analysis (DCA): Lead efforts to assess the security of running applications and services through dynamic code analysis, identifying and mitigating security weaknesses.

• Container Security: Develop and implement robust container security practices, including securing container images, managing container runtime security, and enforcing access controls.

• Bug Bounty: Establish and manage a bug bounty program to engage external security researchers and ethical hackers in identifying vulnerabilities in our products, overseeing the responsible disclosure and remediation process.

• Penetration Testing: Coordinate and oversee penetration testing activities to evaluate the security posture of our products, ensuring comprehensive assessments and providing recommendations for improvement.

• Vulnerability Disclosure Governance: Develop and maintain a vulnerability disclosure governance process, facilitating responsible vulnerability disclosures, coordinating communication with external researchers, and overseeing the remediation efforts.

• API Security: Implement and enforce API security measures to protect the integrity, confidentiality, and availability of our product's application programming interfaces (APIs).

• Developer Security Training & Awareness: Establish comprehensive security training and awareness programs for developers, promoting secure coding practices, and ensuring adherence to security standards throughout the development process.

• Secure Development Lifecycle (SDL): Drive the integration of security considerations and practices into the product development lifecycle, including requirements, design, coding, testing, and deployment.

• Incident Response and Vulnerability Management: Develop and implement processes and protocols for effective incident response and vulnerability management in collaboration with cross-functional teams.

• Security Architecture and Design: Collaborate with product development teams to incorporate robust security controls and mechanisms into the architecture and design of our products.

• Security Testing and Validation: Oversee comprehensive security testing activities, including code reviews, security assessments, and security-focused quality assurance (QA) testing.

• Security Compliance and Audit: Ensure our products meet relevant security compliance requirements, actively participate in security audits and assessments, and drive ongoing compliance efforts.

Experience and Education Requirements:

• Bachelor's degree in computer science, cybersecurity, programming, database administration, or a related field.

• Possession or progress towards certifications such as CISSP, CISM, ISC2, ISACA, SANS GIAC, CompTIA, ITIL.

• Minimum ofseven (7) years of experience in systems administration and security aspects of information systems, computer networking, telecommunications, systems development and management.

• Extensive experience in product security, with a focus on managing security programs in a leadership role.

• Demonstrated experience in overseeing static and dynamic code analysis, container security, and vulnerability disclosure governance.

• Familiarity with bug bounty programs and penetration testing methodologies.

• Knowledge of API security and secure software development life cycle (SDLC) practices.

• Excellent leadership and team management skills, with the ability to inspire and motivate cross-functional teams.

• Strong communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.

If you are a highly skilled and experienced security professional looking for an exciting leadership opportunity, we encourage you to apply for the position of Sr Manager, Application Security. Join our dynamic team and play a pivotal role in protecting our organization's assets and ensuring the security of our products.

Estimated base salary range: $106,500 - $163,900 USD/annually.