Director DevSecOps - Application Security
Posted on May 15, 2020 by Request Technology - Robyn Honquest
Director of DevSecOps. You will be a part of the digital transformation efforts and help shift security left. Automation is essential to our ability to accelerate the technology value stream and product delivery. This role will serve as the Director of DevSecOps to lead and manage the secure software development team. This will include designing, building, and managing a scalable threat modelling framework, leveraging automation to integrate Application Security into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, and acting as the product owner of the application security automation platform. This is a growing team, with senior leadership's support and visibility. This role is involved in initiatives of high complexity that require an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery.

As the Director of DevSecOps, you will lead a team responsible for conducting static code analysis, threat modelling, and the developer training program; develop and execute the secure software development strategy for the enterprise, including policies, standards and governance; manage and design automation to integrate Application Security into various CI/CD pipelines across the enterprise; develop a communications program for application threats and external and internal security events; improve and expand the application security risk posture and processes across the enterprise; create and support metrics that report application risk posture and progress over time; and manage continuous release planning and execution and integrate with security design and engineering work across multiple groups and technical constituencies.
- Bachelor's degree; Master's preferred
- 10 years of escalating managerial work experience in a highly diversified organization.
- 10+ years of increasing responsibility and work complexity to include progressive management roles in large, complex organizations.
- At least 5 years of experience with Applications Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static)
- At least 2 years of experience with product design, delivery, and ownership and threat modelling
- Deep experience in enabling organizations with DevSecOps
- Deep experience with establishing and executing application security strategy
- Strong experience in static code analysis and third-party software composition analysis
- Strong experience in establishing and rolling out Threat Modeling enterprise-wide that can be consumed by developers and engineers
- Strong experience building security communities across the enterprise through evangelism and training programs
- Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired