Sr. Manager Information Security Application Security

closed
G-P

💵 $176k-$220k
📍 Remote - United States

Job highlights

Summary

The job is for a Senior Manager of Information Security - Application Security at G-P, a remote-first employer in the Employer of Record industry. The role involves managing a team, implementing security tools, performing security activities, and securing sensitive data. The annual gross base salary range is $176,000-$220,000 plus an annual bonus opportunity.

Requirements

  • 10+ years of related work experience in the Application Security field
  • Strong communication and relationship building skills with a high degree of comfort speaking with developers, IT executives, and business partners
  • Strong experience managing & developing a high-performance team
  • Strong experience performing security focused application design reviews, threat modeling, manual code reviews, container security, and ethical hacking
  • Strong experience implementing and working with SAST/DAST/SCA security tools
  • Deep knowledge of security vulnerabilities, being able to identify issues, assess risk, and provide remediation guidance
  • Deep knowledge of authentication and authorization options and standards
  • Strong experience using common security testing tools and techniques to perform security assessments with significant expertise in either web or mobile penetration testing
  • Strong experience working with developers and knowledgeable about modern web, mobile, and API development practices
  • Ability to read and write code in at least one programming language
  • Knowledge of CI/CD practices and experience incorporating security requirements into an SDLC

Responsibilities

  • Help drive and implement the company's application security program
  • Manage a team of engineers/analysts and build resiliency into the team
  • Evangelize application security fundamentals and act as a consultative partner to development teams
  • Implement and leverage SAST/DAST/SCA security tools like Veracode and Snyk. Make recommendations on application security tools
  • Guide and perform security activities including threat modeling and vulnerability analysis, code review, and security testing, ensuring teams are validating for OWASP Top 10 and CWE/SANS Top 25
  • Triage application risks daily as identified by AppSec scanning tools to eliminate false positives and provide a well-vetted set of vulnerabilities to engineering
  • Collaborate with engineering to drive the timely remediation of vetted risk and to implement creative solutions that increase operational effectiveness
  • Generate, collect, and report on AppSec metrics on a regular basis
  • Make recommendations on development processes and provide production application security support as needed
  • Create and maintain technical documentation for the AppSec program
  • Contribute to the development and delivery of security awareness and secure development training programs

Benefits

  • Generous paid parental leave
  • Flexible time off
  • Flexible spending accounts
  • Medical Insurance
  • Dental Insurance
  • Vision Insurance
  • 401k
  • Sabbatical after 5 years of service
This job is filled or no longer available
