Application Security Manager
Line of Service: Internal Firm Services
Industry/Sector: Not Applicable
Specialism: IFS - Information Technology (IT)
Management Level: Manager
Job Description & Summary
The Application Security Manager will play a key role in securing all software built. This position will support the automation of application assessment through software development life-cycle integration. This individual will work with application development teams as well as 3rd party organizations to ensure that security, privacy, and compliance constraints are built into the applications. The individual should exhibit the following: strong interpersonal skills, be highly motivated, results oriented, have excellent communication and presentation skills, and be a strong team player. This role is responsible for assisting developers in performing application assessments and connecting them to secure coding SMEs for remediation advice.
- Support application security service onboarding, including life-cycle integration such as Jenkins, VSTS/TFS, and API.
- Support development teams in performing application vulnerability assessments, document the vulnerabilities found, and provide recommendations for remediation according to company guidelines and industry best practices
- Support integration of static and/or dynamic code analysis tools into the SDLC
- Integrate Visual Studio plugins for secure coding tools
- Integrate with, and perhaps provide best practices for, both VSTS and TFS
- Provide guidance to application groups on application security best practices
- Conduct application security assessment results review and mitigation approval
- Provide guidance to software development teams for specific CWEs identified in scans
- Support remediation efforts, track open issues, and follow up to ensure remediation
- Passion for application security
- 7+ years of experience in application security or application development
- Bachelor's degree in Computer Science or Engineering or equivalent evidence of aptitude, with a solid understanding of common web application technologies and languages
- Experience with application security assessment tools such as Veracode, Fortify on Demand, or others
- Experience with Jenkins, Azure DevOps, TFS, Azure, and AWS
- Knowledge of the OWASP Testing Framework and OWASP Top 10
- Ability to understand security assessment reports and distinguish false positives from security issues
- Methodical and organized; able to manage multiple opportunities, projects, and partners concurrently
- Able to multi-task and work independently with minimum supervision to meet firm deadlines
- Performs other special projects or duties as assigned
- Client facing consulting and/or technical support experience
- At least one of the following certifications: CSSLP, CISSP, CISA, CISM, SSCP, CEH