We are looking for a Head of Application Security to establish and manage our information and cyber security team. You will be responsible for the application security and software security. Partnered with R&D, DevOps, and in charge of securing payments code and products for high-profile clients in a leading company.

Job description

• Application threat modeling
• Work closely with Product, R&D, and DevOps teams to define high-level and detailed security requirements for various features.
• Build, maintain, and improve AppSec processes & tools.
• Work with R&D teams to review code for security vulnerabilities (manual and automated)
• Perform periodic application level penetration tests on major features and versions.
• Evaluate the security posture of various 3rd party tools, libraries, and vendors from an application security perspective.
• Drive and track the progress of security bug resolution with R&D and DevOps teams.
• Work on RFP and audit responses as needed

Preferred Qualifications

• BS degree in Computer Science or a related technical field or equivalent experience in the security domain (600 hrs courses)
• Holds Cissp \ Cism \ OSCP \ OSWA certification - Advantage
• Manage an application security team - 3 +years experience
• 4+ years of experience in the hands-on application security field including Threat modeling & SDLC process.
• Offensive application experience - Advantage
• Deep knowledge of common application level vulnerabilities and mitigation (OWASP top 10, SANS 25, etc).
• Strong manual code review skills in Java script node.js and C#
• Good knowledge of secure coding best practices and the ability to guide R&D teams on how to write secure code.
• Experience with SAST tools
• Familiarity with Docker containers, Kubernetes, etc
• Excellent verbal/written communication and data presentation skills, including experience communicating with both business and technical teams.
• Self-motivated work well independently and with others

#LI-IG1

#LI-hybrid