This Job Vacancy has Expired!

Vulnerabilities AppSec Security Implementation Lead

Request Technology - Craig Johnson

Posted on Mar 26, 2022 by Request Technology - Craig Johnson

Coppell, TX 75019
Immediate Start
Annual Salary

*Position is bonus eligible*

Prestigious Financial Company is currently seeking a Vulnerabilities AppSec Implementation Lead. Candidate will be part of a team responsible for analysing, triaging, solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities.


  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master Responsibility
  • Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
  • Manage the security vulnerabilities and track the remediation plan for identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to Relativity platform (ADS app) or those involved in security critical workflows (eg authentication)
  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
  • Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
  • Other job-related duties as assigned.


  • Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
  • Self-starter takes the initiative to research, learn and deliver. Anticipates the play.
  • Team player humble, collaborative, and focused on making sure the entire team succeeds.
  • Familiarity with common software vulnerabilities (eg OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:

  • Knowledge and experience with Security scanning tools such as Black Duck and Veracode
  • Knowledge of different tools. delivery (CI/CD) tools (examples - GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • Knowledge of Product Owner role. Product Owner certification is a plus.
  • Practicing Knowledge of Kanban/Scrum team mechanics with hands-on experience
  • Certification of some type of Project/Program management is a plus.
  • A total experience in technology and security landscape for 11 to 15 years is required.

Education and/or Experience:

Bachelors or Masters Degrees in Computer Science, Information Systems or other related field. Or equivalent work experience.

Reference: 1542010558

Set up alerts to get notified of new vacancies.