23 Jan
Vulnerabilities AppSec Security Implementation Lead
Coppell, Texas 75019, USA

Vacancy expired!

Position is bonus eligible.

Prestigious Financial Company is currently seeking a Vulnerabilities AppSec Implementation Lead. The candidate will be part of a team responsible for analyzing, triaging, and solutioning vulnerabilities identified via Black Duck and Veracode scanning on open source libraries. This team is responsible for identifying solutions, testing out hands-on solutions across a variety of software, and working closely with the development community to implement solutions. The team is also responsible for assessing the total risk of the vulnerabilities.

Responsibilities:
  • Lead a Kanban team in the capacity of a Product Owner. Also manage the Scrum Master responsibility
  • Work very closely with other product owners and development leads of other scrum teams to prioritize and influence security remediation effort for delivery
  • Manage the security vulnerabilities and track the remediation plan from identification to closure across different teams
  • Report to senior management on status, next steps, risks, dependencies
  • Provide general guidelines for preventing commonly found vulnerabilities by defining and updating security requirements
  • Interacting with project teams to seek implementation and completion of security requirements
  • Documenting processes based on established guidelines
  • Defining pen test plans through stories/tasks for moderately complex applications such as those deployed to the Relativity platform (ADS app) or those involved in security critical workflows (e.g. authentication)
  • Collaborate with development, platform automation and security teams to create and continuously improve a simple to use standardized repeatable automated application pipeline that includes testing, security and automated deployment to development and QA environments.
  • Collaborate with development, platform automation, security teams, IT business management & senior IT management to create reporting, metrics and dashboards.
  • Other job-related duties as assigned.

Qualifications:
  • Strong collaboration and presentation skills reaching across functional borders including technical and non-technical audiences.
  • Understanding of Kanban and/or Agile methodologies.
  • Hands-on experience working in Agile and DevOps cultures, focusing on process improvement and automation. Experience of working both independently and collaboratively in a fast paced, change oriented, and demanding IT environment with a strong focus on business outcomes.
  • Self-starter – takes the initiative to research, learn and deliver. Anticipates the play.
  • Team player – humble, collaborative, and focused on making sure the entire team succeeds.
  • Familiarity with common software vulnerabilities (e.g. OWASP Top 10) and their remediation
  • Deep interest in security architecture of applications and technologies (Web, Kubernetes, Network)
  • Ability to follow established processes
  • Ability to juggle several high visibility projects
  • Ability to read code in mainstream programming languages such as Python, C#, Java

Technical Skills:
  • Knowledge and experience with Security scanning tools such as Black Duck and Veracode
  • Knowledge of different delivery (CI/CD) tools (examples: GitHub, Jenkins, Artifactory, Docker, Docker-Compose, K8s).
  • Knowledge of Product Owner role. Product Owner certification is a plus.
  • Practicing knowledge of Kanban / Scrum team mechanics with hands-on experience
  • Certification of some type of Project / Program management is a plus.
  • A total of 11 to 15 years of experience in the technology and security landscape is required.

Education and/or Experience: Bachelor’s or Master’s Degrees in Computer Science, Information Systems or other related field. Or equivalent work experience.
