Director, Application Security

Sandy Springs, GA · Information Technology
The Director, Application Security role is responsible for assuring secure software development across the Company enterprise. To accomplish this, the Director must be able to understand the risks presented by discovered vulnerabilities and garner the respect of the development community by communicating issues without hype and accurately assigning the business risk severity. In addition to understanding and articulating risks, the Director must have a passion to prevent issues by opportunistically educating developers in multiple formats ranging from formal online training to live demonstrations of recently discovered vulnerabilities. Fulfilling this purpose requires talent management that allocates task assignments with an understanding of how to balance efficiency with the need to keep talent engaged, challenged, and growing.

Responsibilities

  • Application Identification and Review - Is responsible for maintenance, execution, and reporting of the AppSec assurance tasks from Design Review through operating a Bug Bounty program
  • Standards and Policies - Owns the Application Development Security Policy and is responsible for timely updates, communication, and education
  • Secure Design - Establishes security requirements early in the SDLC and contributes security subject matter expertise during the development of new projects and releases
  • Tool Management - Implements and maintains cutting-edge technology to assess and protect applications and cloud environments throughout the SDLC and post deployment
  • Developer Education - Keeps software engineers apprised of secure coding practices and builds strong rapport and respect with the ICE application development community while continuously improving established education programs and distilling results into meaningful metrics
  • Bug Bounty Program - Operates a responsible disclosure program that appropriately incentivizes and fosters positive relationships with security researchers
  • Self-Improvement - Committed to continuous education and being a recognized industry leader in Application Security
  • Governance and Communication - Articulately codifies and communicates the Application Security programs through writing and discussion with all levels of the organization

Knowledge and Experience

  • University degree(s) in Computer Science, Engineering, MIS, CIS, or related discipline required
  • Minimum 5 years’ experience in Application Security
  • Management experience of a technical team required
  • Hands-on experience with information security and related technologies required
  • Software engineering experience in Java, C++, Python, and/or related languages
  • Experience with containerization and SDLC
  • Technical expertise and understanding of AWS and/or Azure cloud platforms
  • Able to demonstrate compromise of vulnerabilities to educate and motivate development teams
  • History of earning the respect and trust of developers and management
  • Participation and leadership in Application Security consortia such as OWASP and ISSA
