Experian is hiring a
Director of Application Security

Summary

The Director of Application Security will lead the direction and delivery of application security services at Experian, ensuring compliance with software security policies and engaging with business leaders. The role involves strategic guidance for SDLC and product delivery, working with cloud-based platforms, and staying abreast of emerging security threats.

Requirements

• 8+ years' of direct experience in application security, with experience in leadership in designing, implementing, and managing security programs for cloud-based platforms at large product companies
• 5+ years' of managerial experience
• Deep technical expertise across multiple technical domains, including cloud computing, security, and identity and access management
• Experience with automated workflows in CI/CD, DevOps, or DevSecOps environments
• Experience using tools enabling automated workflows, such as Jenkins, Gitlab, TFS, Github, etc
• Experience with modern delivery methodologies, including Agile and DevSecOps
• Experience working with Generative AI, especially securing AI workloads
• Understanding of cloud computing technologies and security principles, particularly in AWS, Azure, or GCP environments
• Technical background in security architecture and application security
• Experience with business and technical requirements, analysis, business process modeling/mapping, methodology development, and data mapping
• Experience in risk management methodologies as they relate to integration/software testing
• Experience leading teams focused on Application Security, including application scanning, manual pen testing, threat modeling, offensive security, and software security architecture
• Writing and documentation skills
• Knowledge of applicable data privacy practices and laws
• Four-year college diploma or university degree in computer science or computer engineering, or 5+ years' of equivalent work experience
• Professional certification such as CISSP, CCSP or CCSK, Cloud Platform and Infrastructure are a plus
• Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
• Willing to travel globally

Responsibilities

• Lead the direction and delivery of application security services
• Ensure compliance with software security policies for new applications and Experian's legacy estate
• Engage with business leadership (CTOs and CIOs) to ensure strategy is understood, agreed upon, and implemented across all Experian Regions
• Collaborate directly with engineering leaders to integrate security into the product development lifecycle
• Provide strategic guidance for SDLC and product delivery, including security design and architecture, secure coding standards, security testing and remediation, application threat modeling, DevOps and DevSecOps integration (CI/CD) security, automated product security testing, container security testing
• Communicate security policies, standards, processes, and guidance on newly identified security threats and vulnerabilities
• Lead security assessments and audits
• Develop and mentor a high-performing team, setting clear goals and promoting a culture of innovation

Benefits

• Great compensation package and bonus plan
• Core benefits including medical, dental, vision, and matching 401K
• Flexible work environment, ability to work remote, hybrid or in-office
• Flexible time off including volunteer time off, vacation, sick and 12-paid holidays