Senior Application Security Leader - Hybrid, Risk & SDLC

Job Description About this role: Title: Information Security Engineering Senior Manager for our Application Security Team. In this role, you will: Manage a team of managers, of Information Security Engineers that design, document, test, maintain and provide issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication or directory services, email, internet, applications, or endpoint security Engage information security and line of business management to identify, formulate and implement information security solutions and controls Lead a large, complex information security unit or a number of smaller specialized work units with direct impact to companywide information security objectives having high risk and complexity Manage security consulting on large projects for internal clients to ensure conformity with corporate information security policy and standards Set guidelines for compliance and risk management requirements for supported area and work with other stakeholders to implement key risk initiatives Oversee resource allocations to ensure commitments align with strategic objectives Manage implementation of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management and business continuity Maintain a broad awareness of the state of information security across the enterprise and industry Influence change to information security policy, standards and procedures for systems, applications or tools Lead large, companywide projects and initiatives Represent the organization to regulators, industry groups and governmental agencies Interface with Information Security Industry Leaders, Financial industry Leaders, Analysts and Regulators Advise more experienced leadership or executive management on issues with high, critical impact on the company Manage allocation of people and financial resources for Information Security Architecture Develop and guide a culture of talent development to meet business objectives and strategy Develop and maintain key application security platforms such as: Static Application Security Testing (SAST) Software Composition Analysis (SCA) Dynamic Security Analysis Testing (DAST) Maintain relationship with 3rd party vendors and elevate any issues. Maintain visibility into industry solutions and constantly push the envelope for best-in-class capabilities. Focus on depth of security analysis, reduction of noise to developer teams, and thoughtful risk mitigation aligned to policy and the threat landscape. Manage, hire, and develop specialized application security engineers across platforms. Deliver on-time, high quality output in alignment to the Application Security product backlog in partnership with Product Managers and Product Owners. Collaborate and influence all levels of professionals including experienced managers. Manage implementation plans and proactively drive efficiency and innovation. Drive "shift-left" automated controls in the Secure Software Development Life Cycle (SSDLC) Implement ongoing product (internal and vendor) enhancements and fine-tuning of rules to increase the precision in identifying and prioritizing application security defects. Manage upgrades, resilience, continuity, and compliance with enterprise standards. Required Qualifications 6+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education 3+ years of Management experience Desired Qualifications 4+ years of Application Security engineering / Implementation experience 4+ years of experience in working experience in the following security products: Checkmarx, Checkmarx One, Fortify, Invicti, Appscan, WebInspect, Nexus, Blackduck etc. 2+ years of DevSecOps / Automation experience 5+ years Development experience in more than one language 2+ Experience managing senior security professionals. 1+ year Cloud Security (Prisma, etc.) 1+ year Security Architecture analysis Job Expectations Ability to travel up to 10% of the time Ability to work a hybrid schedule in a listed location 3 days per week on-site/in office and 2 days per week remote. 100% remote work option is not available #J-18808-Ljbffr 6AM City, LLC