Application Security Senior Manager
Vacancy expired!
COX Enterprises - Application Security Senior Manager
Primary Location: 6305 Peachtree Dunwoody Rd, Atlanta, GA, USA
Division: Cox Communications Inc
Job Level: Manager/Senior Manager
Travel: No
Schedule: Full-time
Shift: Day Job
Requisition Number: 213015

Cox Communications is looking for an Application Security Senior Manager who will report to the Senior Director of Security Architecture and Privacy. This individual will be responsible for leading a team of application security specialists in evaluating the security of in-house and third-party software, developing and executing red team exercises, and developing standards related to software and application programming interfaces (APIs).

Current application security initiatives involve static source code analysis, dynamic application security testing, evaluation of third-party libraries for known vulnerabilities, ensuring regular secure coding training, implementing methods to manage secrets, and working with the blue team on developing exercises based on current detection capabilities.

This individual will manage two direct reports along with the project-based resources performing security testing. Frequent interaction with other teams, including development and security leadership, will be required, and the expectation is that this individual will be able to operate independently to generate subtasks that are part of the broader solutions being deployed.

Successful candidates will demonstrate strong business acumen and possess a blend of general business, technology, and security competencies. Specifically, this individual will have a versatile background, critical thinking, and analytical capabilities, as well as a proven ability to bridge organizational boundaries to implement security controls and risk mitigation strategies. The individual must also possess the desire to drive efforts to their conclusion as needed.

Primary Responsibilities and Essential Functions:
- Manages the pipeline for assessments to fully utilize resources while managing development team expectations
- Reviews assessment reports for accuracy and business impact; provides readouts to technology leadership and business leadership
- Identifies and implements new opportunities to improve the effectiveness and efficiency of security testing
- Develops new methods to prevent security vulnerabilities in code and detect/remediate security vulnerabilities earlier in the development cycle
- Works with the risk management team to track the remediation of vulnerabilities identified during assessments
- Engages with teams across Technology to understand their needs in order to build security into technologies and solutions
- Manages the configuration and makes decisions on the use of the following:
  - Static source code analysis tools
  - Dynamic application security tools
  - Web application firewall
  - Secrets management
- Provides weekly metrics on assessments and application security initiatives
- Develops application security standards and configurations to be implemented by project teams
- Assists as requested with security issues that might drive architectural changes
- Ensures compliance with security architecture standards and processes
- Works with cross-functional teams to support the assessment of new security technologies, their viability, and their risks, and creates initial points of view followed by recommendations on how they should be leveraged to enable and protect the environment
- Understands technology and product roadmaps that are influenced by evolving technologies and facilitates continuous revisions to take future impacts into account
- Conducts research and development of new security tools and technologies to enhance and protect end customer experience
- Provides communication on relevant external security trends or events to the Cox Technology organization or broader organization, as required
- 8+ years of experience working in security architecture, design, or development across multiple domains of information security
- Direct experience managing security solution implementations
- Direct experience in utilizing and implementing Secure Software Development Lifecycle methodologies
- BS/BA in a related discipline required (i.e., Computer Science, Management Information Systems, Computer Engineering, etc.) or an additional 3 years of experience directly in security
- Experience utilizing Jenkins for builds and deployment
- Experience with security testing tools such as Veracode, Fortify, Burp Suite, and Qualys
- Familiarity with Service Orientated Architecture Governance and Application Programming Interface Management concepts and implementations
- Familiarity with Public Key Infrastructure deployments and associated services
- 2+ years practical experience developing in Java 7, Java 8, and/or PowerShell.
- Experience with enterprise single sign-on and familiarity with OAuth, SAML, or WS-Federation protocols
- Experience with cloud-based or Software as a Service security solutions
- Big Four consulting background or Fortune 500 company experience
- Telecom/Cable industry experience
- At least one relevant industry certification - CISSP, CISM, CISA