Lead Application Security Engineer

New York City 9 West 57th Street, United States


Position Overview

At Apollo, we’re a global team of alternative investment managers passionate about delivering uncommon value to our investors and shareholders. With over 30 years of proven expertise across Private Equity, Credit and Real Estate, regions and industries, we’re known for our integrated businesses, our strong investment performance, our value-oriented philosophy – and our people.

Apollo Global Management is currently seeking a Director of Application Security to join our dynamic and distributed Cyber Security & Risk team. The Engineering team consists of 300+ team members globally and is responsible for the firm’s technology landscape. Within Engineering, the Cyber Security & Risk team within IT oversees and manages Apollo’s cyber risk across the organization and is responsible for developing and maintaining an overall application security program.

As a director in our Cyber Security Architecture & Engineering team, you will oversee and manage the security of Apollo applications, including ensuring secure development practices, security design and architecture, and secure runtime practices and environments. This is an opportunity to define, refine, and operate a collection of application security capabilities that support an ever-increasing application portfolio.

We are looking for a candidate who thrives in a team setting, effectively collaborates with colleagues across various departments, and contributes positively to a dynamic team environment with other members of Cyber Security and the larger Global Technology teams. The ideal candidate should be adept at leveraging the strengths of diverse team members, fostering a culture of open communication, and driving joint initiatives towards successful outcomes. This is an exciting opportunity on a growing team that is investing in their people, processes, and technology. If you are looking to be a part of a team that continuously challenges itself, is committed to learning and improving, and is passionate about cybersecurity, then this could be the right opportunity for you!

Primary Responsibilities:

In this role, you will be collaborating with various development teams on a daily basis to ensure that we have a robust security mindset and plan as we deliver and maintain our application portfolio. Specific items that you would be doing include:

Application Threat Modeling:

  • Perform threat modeling on applications to determine associated risks and appropriate controls.

  • Understand implementation nuances and associated risk-related findings.

Application Design:

  • Understand application threat models and control standards to ensure secure application design.

  • Validate secure design and adoption of required security controls.

Develop and Implement Secure SDLC Processes:

  • Define and implement security tools like SAST, SCA, and Secret Scanning.

  • Operationalize the adoption and usage of such tools.

Application Security Awareness:

  • Ensure developers and others understand secure coding and application delivery practices and expectations.

  • Build out a security champion culture amongst the development teams.

Application Security Testing:

  • Support application penetration testing through program development and testing execution.

  • Engage in secure code reviews and overall application security assessments.

Governance and Compliance:

  • Establish and enforce governance frameworks to ensure compliance with industry regulations and standards.

  • Monitor and report on compliance with security policies and procedures.

Qualifications & Experience

  • 8+ years of hands-on professional experience in an Application Security focused role with a background in software development (IDE/CLI). 

  • Bachelor’s Degree in Computer Science, Information Technology/Security or a related field.

  • Experience in working with software development teams, providing security oversight in complex application ecosystems.

  • Proven expertise in IDEs, version control systems, CI/CD pipeline management, SDLC maturity, SaaS security tools (SCA, SAST & DAST) and application inventory management.

  • Experience with Snyk and GitHub is a plus.

  • Strong background in application architecture, security controls, cloud and penetration testing.

  • Excellent collaboration and critical thinking skills, and the ability to work in a dynamic environment.

  • Familiarity with industry security standards and frameworks such as OWASP, NIST, ISO 27001 or MITRE ATT&CK and testing tools like Burp Suite.

  • Familiarity with the regulatory environment of the financial services industry or a similarly regulated industry and its impact on application security is a plus.

  • Commitment to staying informed on security trends and threats, using this knowledge to enhance security measures.

  • U.S. citizen, operating in the Eastern Time Zone and able to report to the NYC metro area office(s).

  • Professional certifications such as CISSP, CSSLP, CASE, GWEB, MCSA/MCSE are a plus.

ABOUT APOLLO

Apollo is a high-growth, global alternative asset manager. In our asset management business, we seek to provide our clients excess return at every point along the risk-reward spectrum from investment grade to private equity with a focus on three investing strategies: yield, hybrid, and equity. For more than three decades, our investing expertise across our fully integrated platform has served the financial return needs of our clients and provided businesses with innovative capital solutions for growth. Through Athene, our retirement services business, we specialize in helping clients achieve financial security by providing a suite of retirement savings products and acting as a solutions provider to institutions. Our patient, creative, and knowledgeable approach to investing aligns our clients, businesses we invest in, our employees, and the communities we impact, to expand opportunity and achieve positive outcomes.

OUR PURPOSE AND CORE VALUES

Our clients rely on our investment acumen to help secure their future. We must never lose our focus and determination to be the best investors and most trusted partners on their behalf. We strive to be:

The leading provider of retirement income solutions to institutions, companies, and individuals.

The leading provider of capital solutions to companies. Our breadth and scale enable us to deliver capital for even the largest projects – and our small firm mindset ensures we will be a thoughtful and dedicated partner to these organizations. We are committed to helping them build stronger businesses.

A leading contributor to addressing some of the biggest issues facing the world today – such as energy transition, accelerating the adoption of new technologies, and social impact – where innovative approaches to investing can make a positive difference.

We are building a unique firm of extraordinary colleagues who:

Outperform expectations

Challenge Convention

Champion Opportunity

Lead responsibly

Drive collaboration

As One Apollo team, we believe that doing great work and having fun go hand in hand, and we are proud of what we can achieve together.

OUR BENEFITS

Apollo relies on its people to keep it a leader in alternative investment management, and the firm’s benefit programs are crafted to offer meaningful coverage for both you and your family. Please reach out to your Human Capital Business Partner for more detailed information on specific benefits.

Apollo Global Management LLC is an equal opportunity/affirmative action employer. The firm and its affiliates do not discriminate in employment because of race, color, religion, gender, national origin, veteran status, disability, age, citizenship, marital or domestic/civil partnership status, sexual orientation, gender identity or expression or because of any other criteria prohibited under controlling federal, state or local law.

Pay Range

$190,000 – $240,000

Apollo Global Management, Inc. (together with its subsidiaries and affiliates) is committed to championing opportunity.

The firm and its affiliates comply with applicable discrimination and equal opportunities legislation in all of its jurisdictions and do not discriminate in employment or recruitment based on race, color, religion, gender, national origin, veteran status, disability, age, citizenship, marital or domestic/civil partnership status, sexual orientation, gender identity or expression or any other protected characteristic under applicable law.

The contents of the qualifications and experience section of this job description are a guideline only. If an applicant can otherwise demonstrate their suitability for the role they will be considered.

The base salary range for this position is listed above. This position is also eligible for a discretionary annual bonus based on personal, team, and Firm performance. Compensation ranges are based on several factors including job function, level, and geographic location. Final offer amounts are determined by multiple factors including candidate experience and expertise, and may vary from the amounts listed here.


Tags: Application security Burp Suite CI/CD CISSP Cloud Compliance Computer Science CSSLP DAST GitHub Governance ISO 27001 MITRE ATT&CK NIST OWASP Pentesting SaaS SAST SDLC Security assessment

Perks/benefits: Career development Equity / stock options Salary bonus

Region: North America
Country: United States
