Manager, Application Security
SAN MATEO, CALIFORNIA, UNITED STATES
We are looking for an extremely talented Manager/Sr. Manager to join our Application Security Team. You will be managing a dynamic team of Application Security Professionals based in the United States and India who are responsible for maintaining and extending all aspects of Application Security.
Core Responsibilities:
o Manage and grow our dynamic team of Application Security professionals
o Continuously improve and expand the application security landscape
o Maintain, support and extend our application security tooling, standards, and processes, including but not limited to SAST, DAST, WAF, RASP
o Participate in development and operational design reviews with a focus on application security
o Evaluate new security technologies and make recommendations to strengthen the overall security posture across the suite of applications
o Maintain, improve, and be a champion of Secure Software Development Lifecycle (SSDLC) methodologies, processes and standards
o Plan and incorporate threat modeling practices into our product design life cycle
o Work closely with the Operations Security team to review and define best practices
o Support compliance audits through evidence gathering and interviews
o Work closely with the Product Management team and different stakeholders to define and influence the Application Security roadmap
o Produce metrics reporting the state of application security programs and performance of development teams against requirements
o Track vulnerability issues to ensure remediation based on our defined SLA
Requirements:
o Must have a minimum of 2 years of leadership experience managing at least 3 direct reports
o Must have a strong background in Application Security
o Must have a great understanding of OWASP Top 10, CWE/SANS 25
o Knowledge of identity management tools, SAML, OIDC, and SSO
o Knowledge of OAuth 2, client-server authentication, server-server authentication
o Good understanding of one or more of the following programming languages: Ruby, Go, Java, TypeScript/JavaScript, Python, or C/C++
o Knowledge of SSL/TLS and how it helps secure transmission of data
o Past experience developing secure web applications or microservices
o Being able to influence others through collaboration and thought leadership
o Experience designing, estimating, and leading the implementation of complex systems
o Proven ability to work independently and take projects from design to delivery
o Self-motivated, passion for learning, strong communication skills
o Bachelor's or Master's degree in Computer Science (or equivalent), or equivalent experience
Extra Consideration:
o Knowledge of compliance requirements: HIPAA, PCI, SOX, FedRAMP, SOC, etc.
o Knowledge of current cryptography algorithms, such as AES, BCrypt, Argon2
o Presented security-related topics at conferences or meet-ups
o Demonstrated knowledge of security/access control, scalability, high availability
o Open source project contributions