Application Security Manager

Gravity IT Resources


Job Title: Application Security Manager
Location: Utah
Job-Type: Permanent
Salary Range:  120K – 140K
Referral Fee: $1,000
Employment Eligibility: Gravity cannot transfer or sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).
Position Overview:
The Application Security Manager will be a hands-on leader of a team of Information Security Application Engineers tasked with advancing a Secure SDLC program. In this role, you will build and foster the team’s abilities to collaborate and achieve security outcomes, manage the team’s project and operational activities in coordination with the Solutions Engineering team, advocate and advance goals of the application security program, lead application security reviews, deliver reports that enable understanding and remediation of security
Duties & Responsibilities:

  • Lead the application security effort and team
    • Guide team members’ daily project and operational activities
  • Interact with the Engineering team to advocate secure SDLC activities
    • Manage and mature the application security program through direct interactions
    • Work with architects and engineers to review and design security requirements
    • Interact with sprint teams on security-related issues, such as secure code reviews, threat modeling, coding patterns, and security awareness
    • Determine and report on secure SDLC metrics
  • Participate in security operations activities, with an emphasis on source code and runtimes
    • Review patch and vulnerability notifications as issued
    • Vulnerability discovery, validation, and remediation tracking
    • Collaborate with IT teams to design remediations and shepherd through to completion
    • Monitor for and review indicators of compromise from various systems
  • Contribute to design, planning, and implementation of security-related projects
  • Write, review, and update security documentation, and respond to audit requests

Required Experience & Skills:

  • Ability to read, understand, and discuss code (experience preferred, ideally with C#, Python, React, Angular)
  • Security knowledge and experience (understand OWASP Top 10)
  • Application architecture understanding and experience: full-stack understanding (data layer, application run-time, etc.)
  • Ability to manage/lead other App Sec Engineers
  • Certifications: CISSP or CSSLP – current or willing to obtain within a year
  • Five years of software development, engineering, or architecture work experience
  • Experience with threat modeling methodologies, ideally STRIDE
  • Ability to integrate security principles and techniques, such as IAM, defense in depth, least-privilege access, and vulnerability management, into development and delivery processes

Nice to Have Experience:
 

  • At least one security-focused certification related to skillset and experience
  • Experience implementing governance models, such as NIST CSF or ISO 27001
  • Experience with Agile project management techniques
  • Financial industry experience
  • Experience with regulated environments such as PCI, HIPAA, GLBA, SOX, FFIEC
  • Experience with relational database design and SQL query language

 
