This Job Vacancy has Expired!

Director DevSecOps

Posted on May 15, 2020 by Request Technology

Virginia, VA
IT
Immediate Start
$180k - $200k Annual
Full-Time




*This is a permanent full time role*

A Fortune 500 company is searching for a Director of DevSecOps. This role includes designing, building, and managing a scalable threat modelling framework, leveraging automation to integrate Application Security into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, and acting as the product owner of the application security automation platform. The role will focus on CI/CD application security, the automation platform, static code analysis, and threat modelling. They are looking for someone with 5+ years of application security experience.

Responsibilities:



DevSecOps





  • Lead a team responsible for static code analysis, threat modelling, and the developer training program
  • Develop and execute secure software development strategy for the enterprise, including policies, standards and governance
  • Manage and design automation to integrate Application Security into various CI/CD pipelines across the enterprise
  • Develop a communications program for application threats and external and internal security events
  • Improve and expand application security risk posture and processes across the enterprise
  • Create and support metrics that report application risk posture and progress over time
  • Manage continuous release planning and execution and integrate with security design and engineering work across multiple groups and technical constituencies
  • Develop and maintain relationships across the technology organization, the security industry, peer organizations and other entities as necessary to benchmark the Company's Application Security program and keep current in best practices
  • Build a high-performance team
  • Develop and mentor staff and managers to achieve career goals and maintain leadership succession planning
  • Lead cross-functional teams to define objectives, strategies and domain performance metrics
  • Evaluate and utilize outside consultants to support security capabilities

Qualifications





  • Bachelor's degree in related field (Business, Information Services, IT, Information Security, etc.); Master's preferred
  • 10 years of escalating managerial work experience in a highly diversified organization. 10+ years of increasing responsibility and work complexity to include progressive management roles in large, complex organizations.
  • At least 5 years of experience with Application Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static)
  • At least 2 years of experience with product design, delivery, and ownership and threat modelling
  • Deep experience in enabling organizations with DevSecOps
  • Deep experience with establishing and executing application security strategy
  • Strong experience in static code analysis and third-party software composition analysis
  • Strong experience in establishing and rolling out Threat Modeling enterprise wide that can be consumed by developers and engineers
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired






Reference: 889449956
