Application CyberSecurity Lead Architect/Manager
Posted on Jun 18, 2019 by Request Technology
*Permanent full time role*
A prestigious company is on the search for a Manager/Leader Application Security. This individual needs to be hands on with application security and can help build their applications security function into a formally recognized service. This person needs to have come up through Java development with knowledge of .Net, Python, web and non-web applications and has experience in application security. This person will be responsible for the analysis, evaluation, and execution of an ideal application security team.
The Application Security Leader is responsible for the analysis, evaluation, and execution of an ideal application security offering that integrates development activities, information security, and the automated release methods within the CI/CD pipeline. Of high importance is to note that this role is key in the app sec definition space, it requires a self-motivated individual who can execute, refine, mature, and report on a program without specific guidance or instruction.
- Responsible for a location/department or multiple small projects.
- Accountable for the individual performance and results or that of a team.
- Has frequent contact inside and outside of location/department at various management levels and with customers/suppliers concerning operations or project delivery.
- Participates in and may lead cross- functional projects.
- Typically reports to a Sr Manager or Director. May supervise individual contributors or be an individual contributor.
- Executes against a defined department budget/P&L. Responsible for hiring and developing individual contributors.
- The suitable individual for this role is highly analytical and able to approach development/security challenges with a multi-faceted approach; understanding there are a multitude of approaches to expedite delivery timelines while enforcing security requirements along the journey.
- With enough experience and ability to grasp key technologies and security controls, this individual is empowered to make security-based decisions as needed to further enable expedient solution delivery across the organization.
- Aside from establishing the foundational requirements and associated consult, support, and analysis, this function serves to quantify and qualify security parameters in the development space for ongoing reporting.
- Additional roles will support this function to assist not only in the functions described, but to also support code scanning activity, secure-code training, incident and investigative root cause analysis support, and documentation/automations.
- Problems encountered have a limited solution set and decisions are guided by processes, procedures and business plans.
- 70% solving routine problems with precedent/30% creating new solutions.
- From an Information Security interest, this role is expected to fully grasp the concepts behind security controls and how they apply to application development, web presence and the like.
- This individual is accountable for identifying weaknesses in our security posture within the application or web space while defining methods to achieve security control requirements via automation or highly efficient means that further support timely delivery and minimal overhead.
KNOWLEDGE & SKILLS
- As the focal person for Application Security, the individual will have robust training, experience, and background in both Information Security and the Application Development life cycles/approaches/languages/and tools.
- Previous experience in defining organization-wide processes and methodologies, a proven leadership style, customer-service oriented demeanor, problem solving, effective reporting via metrics and indicators, and strong communications are all essential to this function.
- Additional insights, experience or background in any of the following are also of great value: NIST, ISO27001, Data Protection, Java Development, AppSec, Static Code Analysis, Dynamic Code Analysis, PEN Testing, AWS, Containers, MicroServices, CI/CD Pipeline, Agile, Sprints/Scrum Masters, GitHub, Black Duck, WhiteHat, Veracode, Jira, Docker, cloud security and design, people leadership, process maturity, and other related focuses.
- Role is balanced between managerial capabilities and technical expertise.
- Typically bachelors degree or equivalent experience.
- Has in-depth knowledge of the business and consults with clients/customers to attain results or solve industry problems.
- Previous project mgmt or lead experience beneficial.