Sr. Director, Application Security

Addison Professional Financial Search LLC
Reston, VA
Jul 12, 2019
Jul 21, 2019
Full Time
We are looking for a Sr. Director for Application Security to play a key role in our Information Security Department. This individual will handle all aspects of application security at the company as the head of the team. They will also oversee a long-term plan highlighting the expansion of advanced application security tools, controls and systems, plans for staff development / career planning, rationalization of security tools and technologies, and visioning to continually implement high-value transformations that enable the Application Security Team to provide exceptional services and value to IT clients. This employee must be dedicated and passionate about their position and excited to join a company at the forefront of technological advancement.

Responsibilities

The Senior Director, Application Security, is accountable for establishing and operating the Application Security Program, a multi-platform program responsible for delivering secure software to our customers, clients, members, and third-party business partners internally and externally. The Senior Director will focus on cutthroat transformation efforts, including the uploading of applications to cloud solutions and the transformation of the development teams to a DevOps model. This individual will also head the necessary transformation of the team to support these efforts as they move from a group that performs serial software assessments to a team that focuses on developing automated testing tools and processes and standardized frameworks and standards, training other teams, and performing proactive assessments of our most critical assets. The Sr. Director will function as a hands-on manager, utilizing his/her technical expertise, to be able to develop solutions him/herself and mentor other staff and teams. The candidate will be accountable for researching, designing, and engineering software security solutions (software & hardware) based upon security standards.

Act as primary contact or organizational resource to respond to questions or actions related to software security audits.
Confirm that technology risk considerations are identified and adequately addressed with new and modified software.
Establish secure coding standards in the software development process.
Identify and implement key architectural mechanisms to enhance the security of software through reuse and standardization.
Develop automated solutions for software security evaluations and pen testing.
Establish a 'security as code' model to maximize the team's ability to continuously assess and make security easier on capabilities.
Conduct software security reviews and assessments company-wide.
Support larger architectural projects, including the implementation of Web Application Firewalls and similar perimeter defense, monitoring and alerting systems across the application portfolio.
Sponsor periodic third-party surgical assessments and vulnerability testing of mission-critical software.
Sponsor periodic third-party assessments to certify that security is adequately addressed in software delivery practices.
Develop and lead software security planning for internal and external vulnerability scans and prioritize any actions for remediation.
Lead software security incident reviews and track known software security issues.
Participate in investigations of suspected information security misuse or issues of compliance.
Hire, manage, develop, and evaluate a staff of 3-5 people, including staff and contractors.
Develop and maintain effective working relationships.
Ensure corporate and team values are embraced and practiced.

Qualifications

Bachelor of Science degree or equivalent.
Minimum 7+ years' experience in IT.
Experience with the Build Security In Maturity Model methodology and assessment process.
Ability to combine proven methodologies, tools, and best practices to ensure secure code delivery.
Minimum of 3 years' experience with application and information security systems and methodologies.
Knowledge and experience in all phases of SQA and release management processes and systems.
Demonstrated competency in strategic thinking with abilities in relationship management.
Updated SSCP, CISSP or other industry certifications are desirable. PMP is also a positive but not required.
Knowledge of technology architectural frameworks and methodologies.
Proven experience in the development of software security policies, procedures, and standards.
Knowledge of risk management procedures, policy, role-based authorization methodologies, authentication technologies, and security attack pathologies.
Excellent oral and written communication skills.
Ability to present and discuss technical information in a way that establishes good rapport, persuades others, and gains understanding.
Extensive knowledge of applicable laws and regulations as they apply to security.
Strong knowledge of application level security.
Excellent problem solving and analytical ability.
Requires use of a wireless handheld device.
