Application Security Lead

Application Security Lead

Vistex is a global enterprise software and services company that helps businesses take control of their mission-critical processes. With a multitude of programs covering pricing, trade, royalties and incentives, it can be complicated to see where all the money is flowing, let alone how much difference it makes to the topline and the bottom line. With Vistex, business stakeholders can see the numbers, see what really works, and see what to do next – so they can make sure every dollar spent or earned is really driving growth, and not just additional costs. The world's leading enterprises across a spectrum of industries rely on Vistex every day to propel their businesses.

The Application Security Lead reports to the IT Security Manager and works closely with Vistex's Development and DevOps teams to ensure security is embedded in the design, implementation and maintenance of Vistex product services through the implement of shift-left and DevSecOps approaches

Responsibilities:

• Works closely with Development and DevOps teams to develop and enforce secure coding standards and best practices across Vistex's Development and DevOps teams.
• Collaborates with Development and DevOps teams to embed security controls into CI/CD pipelines (SAST, SCA, DAST, IaC scanning)
• Participates in design process for new products and changes to existing products to ensure that security requirements are identified, assessed and specified.
• Conducts threat modelling exercises with teams during the design process to identify risk and security requirements.
• Engages with teams to develop architecture diagrams and documentation that captures the security relevant content.
• Ensures that integration with Vistex security tools is factored into the design process.
• Participates in project meetings to track progress and conducts implementation readiness reviews to ensure specified security requirements are met and that documentation is complete.
• Conducts audits against products and platforms to ensure security coverage is complete.
• Reviews DevOps operations to ensure security best practice is followed and that any identified risks are managed.
• Engages with senior stakeholders and team leaders to build strong working relationships to ensure security requirements are met and security improvements are implemented
• Participates in risk management exercises for software development, DevOps and in AI where it is used for development or is integrated into Vistex products.
• Provides metrics on secure development maturity and performance.
• Provides assistance with analyzing application layer as required by security incident response processes/
• Maintains awareness of standard and regulatory requirements that relate to software development.
• Stays informed of the current topics in secure development and DevOps through various publications and sources.
• Supports the IT Security team in responding to development content in customer security assessments and questionnaires as required.

The compensation for this position is $120K - $140K annually. Base pay will vary depending on factors, including but not limited to, a candidate's location, job-related knowledge, skills and work experience. The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus. Vistex provides highly competitive benefits including comprehensive healthcare plan, 401(k) and paid time off, including paid volunteerism days!

The Vistex platform helps businesses finally get control of all their different promotions, rebates, SPAs, discounts, and other incentives. With so many programs across so many partner relationships, it can be impossible to see where all the money is going, let alone how much difference it is actually making to revenue. With Vistex, business leaders can see the numbers, see what really works, and see what to do next – so they can make sure every dollar they spend really is driving more growth, not just more costs. It is why global enterprises ranging from Coca-Cola to Sony to Grainger rely on Vistex every day. Vistex | Now it all adds up. ™

Qualifications

Education

Required

Associates or better in Information Technology or related field.

Preferred

Bachelors or better in Information Technology or related field.

Experience

Required

7-10 years:

Exhibits strong written and verbal communication skills (US English), interpersonal and collaborative skills Strong understanding of modern web application and API security, including OWASP Top Ten, CWE, and API-specific attack vectors Development security experience Practical experience at leading application security development programs and implementing "shift-left" practices Practical experience with working with DevOps teams to implement DevSecOps approaches Hands-on experience with application security tooling (SAST, SCA, DAST, secrets scanning, IaC scanning) and the management of findings Experience securing SaaS or cloud-native platforms Experience with multi‑tenant SaaS security design and data isolation strategies Experience with microservices, containerisation (Docker/Kubernetes), and cloud platforms (GCP/Azure/AWS) Experience with OWASP ASVS or NIST CSF frameworks Experience with OWASP ASVS or NIST CSF frameworks

Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.