San Francisco, California
Job Type: FT
Rate: DOE
Director of Application Security Job Opening in San Francisco, California - Director of Application Security is currently exclusively vetting candidates for a crucial role, with one of our more notable clients. security is a core value at this institution. they help millions of people better manage their credit. safeguarding their sensitive information is critical totheir continued success. from the ceo down to each individual engineer, everyone views security as a personal responsibility. your unique mission as the director of application security is to own the technology and process controls that govern the software development lifecycle and prevent every last vulnerability class from being exploitable in production. think you can take on the challenge? send your resumes to what you'll do: ? develop and grow a team of engineers to partner with software vertical leads to ensure that every product is secure by design. ? scale the security technology and tooling platform to require less manual human intervention for easily automatable controls, and create force multipliers for engineers to maximize the value of their work. ? evangelize the team's mission, painting a clear and concise picture of the strategy and expectations of product owners and engineers about their individual roles in software security and how application security works to support them. ? report assurance metrics to vertical leads and senior leadership, demonstrating comprehensive inventory of every attack surface, the state of testing and defensive coverage of those surfaces, and a real-time accounting of open risks accrued to each vertical. ? drive application security assurance with our partners and vendors to ensure the safety of member data throughout a complex ecosystem. ? experienced every aspect of a comprehensive software security program, including the following: ? tiered training curricula for engineers and levels of formal champions ? internal and external penetration testing including public bug bounty ? static and runtime analysis tool suite, productized for engineering self-service and scaling internal and external red team ? operational controls including waf and rasp ? framework security controls that prevent engineers from introducing many classes of vulnerability ? ci/cd and artifact pipeline assurance, governing both internal code and external libraries ? threat modeling and design review practices to reinforce security-test-driven design what we expect: ? 5+ years experience leading security engineers and managing security programs. ? outstanding communication skills at all levels of the technology and product organizations, ranging from vps to individual software developers. ? strong mentorship and coaching skills, both for existing application security engineers and developing new talent pipelines inside and outside the company. ? broad technical working knowledge of application security concepts, including offensive techniques, vulnerability classes, defensive techniques, and security architecture. ? eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change. ? a fun and positive attitude! if this sounds like you, please send your resumes to
|
