Job Details

ID #21749410
State Illinois
City Chicago
Job type Permanent
Salary USD TBD TBD
Source Gables Search Group
Showed 2021-10-27
Date 2021-10-26
Deadline 2021-12-24
Category Security

Senior Manager, Application Security

Illinois, Chicago, 60601 Chicago USA

Vacancy expired!

Job Title: Sr. Manager, Application Security

Location: United States-IL-Chicago

Overview: Preferred location Chicago, IL but will consider candidates based in Georgia, North Carolina, Texas, Virginia, Maryland, Ohio or Louisiana. Must have the ability to travel to the Chicago, IL office as required.

What will your day look like? You will require technical expertise, influence, and leadership within the Information Security team. The Senior Manager, Application Security is a deeply technical Security Expert with exceptional management capabilities helping to guide and its development organizations to develop sound security development practices.

In addition, the incumbent is responsible for ensuring that the application is secure not only from the inside but also from the edge infrastructure using various tools like WAF, BOT Defense and other technologies. Considered a highly knowledgeable individual, the Senior Manager is expected to recommend programmatic controls, monitor and manage secure development practices to address modern day issues.

The Senior Manager is expected to understand basic penetration testing and also work with third party vendors to perform detailed penetration testing on digital applications. As issues are uncovered, the Senior Manager is expected to communicate with the appropriate technical and leadership teams to ensure focus on risk mitigation, allowing for business requirements while reducing 's risk exposure.

The incumbent will lead efforts to establish and improve secure SDLC activities and identify tools to integrate into the Agile development process to aid in evaluating the security of the applications by leading the application security team and giving directions as needed. When security flaws/vulnerabilities are identified, the Senior Manager will follow the established processes to document, track, and work with development teams to ensure remediation. The incumbent will also lead efforts to create an appropriate application security testing plan based on features and changes scoped in for new updates (releases) for the applications. General direction is received from the CISO.

Responsibilities:

Do you see yourself doing this?
  • Lead the Secure DevOps application security program at by building, executing, and documenting a Secure Software Development Lifecycle
  • Ownership of SAST/DAST tools and accountability for their upkeep and maintenance.
  • Application security leadership on best practices regarding security in software development, mobile application, user interface design frameworks, high performance messaging solutions and cloud-based solutions
  • Demonstrate subject matter expertise (SME) in securing both web and mobile applications against common issues (including OWASP Top 10), to include:
    • Knowledge of Common Weakness Enumeration (CWE) and Common Vulnerabilities and Exposures (CVE) and remediation recommendations
    • Familiarity with vulnerabilities and attack methods, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), SQL Injection (SQLi), etc., and how to identify, trace and remediate these vulnerabilities
  • Determines security requirements by understanding business strategies, knowing information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing cost estimates
  • Provide weekly and monthly metric reporting to the Office of the CISO for inclusion in the risk scorecard analysis provided to the Senior Executive team and Board of Directors.
  • In cooperation with the corporate security governance team, be accountable for compliance with internal SLA and policies.
  • Research security technologies and maintain knowledge of current and emerging technologies / products / trends related to security architectural solutions.
  • Develops IT security programs and recommends necessary changes to the information security team to ensure the company's systems are fully compliant with all applicable regulatory requirements and privacy laws
  • Creates a working environment that is conducive to two-way communication, teamwork and learning.
  • Utilizes open communication and managerial courage to ensure the standards, expectations and goals of the organization are respected and upheld.
  • Acts as a change agent and drives the department and business forward using effective management, analysis and strategic skills.
  • Lead multiple teams ensuring results delivered are aligned with company business objectives and delivered within planned timelines.
  • Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.
  • Deliver superior results through quality execution and best practice adaptation
  • Demonstrate courage, ability and agility to understand and address organizational transition in real-time; establish expectations for the unexpected.
  • Translate strategic and operating plans into meaningful direction of projects, goals, priorities and activities
  • Capture, analyze, and understand the internal environment, team dynamics, and talent capabilities to address organizational refinement, agility, and growth
  • Champion Employee/Internal Customer Engagement, employee development, and all cultural hallmarks through a strong leadership signature and a growing command of 's leadership competencies
  • Work with your direct reports and help seek out growth opportunities for your reports; continually challenge them to maximize their engagement and productivity
  • Continually assess and provide discerning development, insightful coaching, and talent utilization/optimization for direct reports
  • Apply High-Performance Management practices in leading an engaged workforce to effectively leverage the full potential and talent of this function
  • Provide a structural and consistent approach to ensure that individual development plans are in place, performance management is consistent, the performance management process is respected and followed, and coaching and feedback are provided on a regular and dynamic basis
  • Help propagate messaging across the organization that fosters a broader knowledge of Information Security, promotes collaboration, and influences constructive and positive change

Qualifications:

What makes you a great fit? You'll be a great fit if, in addition to the required Bachelor's degree from an accredited college or an equivalent combination of education and experience, you have:

  • 5-7+ years in application security (prefer 1-2+ prior years in development)
  • 3-5 years management experience
  • Advanced written and oral communications skills with the ability to give a program overview to senior level leadership and clients
  • Able to build and manage a professional development and training program for Application Security Engineers and Architects
  • Technical knowledge and experience performing code reviews / reviewing results of static analysis tools (preferred)
  • Foundational knowledge of NIST 800-53 and the NIST Cyber Security Framework (CSF)
  • Experience building out and operating a Secure DevOps program
  • Experience working with common commercially available and Open Source Dynamic and Static Application Security Testing solutions
  • Extensive enterprise development experience in Java and/or .NET languages (preferred)
  • Proven understanding of enterprise architectures and best practices for high-volume, high-availability web / mobile apps
  • Certified in one or more of the following: GCIH, GPEN, OSCP, GREM, CISSP, CISA, CISM or other incident response certifications
  • Ability to travel (less than 20%)

When you're happy, we're happy! As a thank you for joining our team, you'll benefit from:

  • Competitive medical, dental, and free vision benefits
  • Competitive compensation plan
  • Contributions towards gym memberships
  • Generous PTO and banking holidays off
