Senior Applications Security Lead
Posted on Sep 25, 2020 by Request Technology - Robyn Honquest
Senior Applications Security Lead (100% REMOTE)
Looking for a Lead Subject Matter Expert who is heavy in application security. You will have come up through development and then moved into security. You will have heavy experience in security web development, CI/CD, cloud, Java, Python, static code analysis, pen testing, AWS, and containers.
- The Application Security Leader is responsible for the analysis, evaluation, and execution of an ideal application security offering that integrates development activities, information security, and the automated release methods within the CI/CD pipeline. The Application Security Leader serves as the foremost security representative who partners with our development teams, leaders, and product lines to provide consultative guidance, insight, and feedback as new technologies or products are explored. Ultimately, the successful candidate has a strong sense of development life cycles and information security, all accompanied by a highly personable and engaging communication approach. It is important to note that this role is key in the app sec definition space; it requires a self-motivated individual who can execute, refine, mature, and report on a program without specific guidance or instruction. This role will serve as the application security SME and indirectly lead a virtual team of Security Champions throughout the development organization.
- As the focal person for Application Security, the individual will have robust training, experience, and background in both Information Security and Application Development life cycles, approaches, languages, and tools. Previous experience in defining organization-wide processes and methodologies, a proven leadership/influence style, a customer-service-oriented demeanor, problem solving, effective reporting via metrics and indicators, and strong communications are all essential to this function.
- Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Java Development, Static Code Analysis, Dynamic Code Analysis, PEN Testing, AWS, Containers, MicroServices, CI/CD Pipeline, Agile, Sprints/Scrum Masters, GitHub, Black Duck, WhiteHat, Veracode, Jira, Docker, Kotlin, cloud security and design, people leadership, process maturity, and other related focuses.