Application Security Manager

Almaty, Kazakhstan


EMCD

An ecosystem for mining and working with cryptocurrencies powered by one of the world's top 7 mining pools.


The Application Security Manager is responsible for leading the application security program, ensuring the security of software applications through close collaboration with product development teams and effective management of the application security team. This role involves developing and implementing security strategies, conducting assessments, providing guidance and training, and fostering a culture of security awareness across the organization. By partnering with development teams and leading a skilled security team, the manager ensures that applications are protected against evolving cyber threats while aligning with business objectives.

Key Responsibilities:

Application Security Program Management:

  • Develop, implement, and maintain the application security program, including policies, standards, and procedures to ensure robust security practices.
  • Integrate security tools, standards, and processes into the software development lifecycle (SDLC), including threat modeling and security requirements for test-driven design.
  • Conduct vulnerability scans, penetration testing, and code reviews to identify and mitigate security risks in applications.
  • Monitor and report on application security metrics to evaluate program effectiveness and development team performance.
  • Assess and track the organization's application security maturity using established frameworks such as OWASP SAMM or BSIMM.
  • Develop and execute strategies to enhance application security maturity, aligning with business objectives and risk tolerance.

Collaboration with Product Development Teams:

  • Work closely with product development teams to ensure security is integrated throughout the SDLC, participating in agile ceremonies such as sprint planning, stand-ups, and retrospectives to provide security input during planning and design phases.
  • Conduct security reviews of application designs and architectures, providing actionable recommendations to mitigate identified risks and vulnerabilities.
  • Serve as a security advisor to development teams, offering guidance on secure coding practices, resolving disputes related to security findings, and facilitating communication between security and development teams.
  • Design and deliver comprehensive training programs for development teams on secure coding practices, threat modeling, and the use of security tools, fostering a security-aware culture.
  • Partner with development teams to prioritize and remediate security vulnerabilities, ensuring timely and effective resolution of identified issues.

Application Security Team Leadership:

  • Lead and manage the application security team, including hiring, training, mentoring, and performance management of team members to build a high-performing security function.
  • Develop and implement strategic plans for the application security program, setting clear goals and objectives aligned with organizational priorities and business needs.
  • Manage the budget and resources allocated to the application security team, ensuring efficient allocation and utilization to maximize impact.
  • Oversee the selection, implementation, and maintenance of application security tools and technologies, including static and dynamic analysis tools (e.g., Fortify, AppScan) and security controls such as secure web gateways (SWGs), web application firewalls (WAFs), and API gateways.
  • Foster a culture of continuous learning and improvement within the team, encouraging professional development through training, certifications, and staying current with emerging security trends and technologies.
  • Conduct regular performance evaluations and provide constructive feedback to team members, supporting their professional growth and development.

Requirements:

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Minimum of 5 years of experience in application security, with at least 2 years in a leadership or management role.
  • Proven experience in collaborating with software development teams and integrating security into the SDLC, particularly in agile or DevSecOps environments.
  • Strong technical knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10, WASC TCv2, CWE 25).
  • Experience with agile development methodologies and integrating security into DevSecOps practices.
  • Familiarity with application security maturity models such as OWASP SAMM or BSIMM.
  • Proficiency in programming languages with the ability to review and understand code to assess vulnerabilities.
  • Experience with security assessment tools and techniques, including static and dynamic analysis, penetration testing, and code review.
  • Relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP) will be a plus.
  • Excellent leadership, communication, and interpersonal skills, with the ability to influence and collaborate effectively across all levels of the organization, including technical and non-technical stakeholders.

What We Offer:

  • Fully remote work from anywhere in the world with a flexible work schedule.
  • Competitive salary and performance-based bonuses.
  • 100% paid sick leave and vacation.
  • Opportunity to work on cutting-edge projects with modern technologies.
  • Work in a leading mining pool with in-depth industry training.
  • Professional growth and development opportunities.
  • A collaborative and inclusive work environment.

If you are passionate about ensuring the security of cutting-edge applications and thrive in a fast-paced, innovative environment, we would love to hear from you!

Apply today and become part of our dynamic team!


Tags: Agile APIs Application security BSIMM CEH CISM CISSP Computer Science DevSecOps Firewalls Offensive security OSCP OWASP Pentesting SAMM SDLC Security assessment Vulnerabilities Vulnerability scans

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Salary bonus

Regions: Remote/Anywhere Asia/Pacific
Country: Kazakhstan
