Sr. Manager, Application Security

About The Position

Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science or related field or equivalent experience/certification
• 7+ years of experience in Information Technology/Security including:
• 4+ years Security/Technology leadership
• 2+ years as a team lead or manager in a security role response for managing security assessments, risk management, and compliance efforts for production systems.
• 2+ years of experience in software/system release management, with a focus on security validation
• Expertise across AppSec testing modalities (SAST, DAST, IAST etc)
• Expertise with SCA SDLC tooling and repository integration
• Proficiency in GitHub, JIRA, ServiceNow, Jenkins, Harness
• Strong understanding of OWASP and MITRE CVE/CWE
• Ability to drive cross-functional workflow integration and prioritization

Nice To Haves

• Relevant certifications (CISM, CISSP, CSSLP)
• Application Development and Process expertise
• Proven experience across AppSec tooling vendors
• Excellent written and verbal communication / presentation skills
• Proven leadership experience in highly regulated environments, with strong project management skills.

Responsibilities

• Lead day-to-day operational execution of AppSec programs
• Collaborate on Strategy formulation and execution.
• Strengthen SER/AppSec integration
• Drive prioritization frameworks and alignment with enterprise objectives
• Establish repeatable, automated AppSec processes
• Represent AppSec in cross-functional governance forums
• Increased automation and repeatability. Shifting tooling integration left.
• Clear metrics and reporting covering: operational, security and strategy perspectives
• Implement initiatives for secure opensource consumption and artifact management
• Monitor and assess application security risks
• Develop and track security metrics
• Recommend mitigation strategies
• Provide technical leadership regarding tooling integration, process definition and execution
• Ensure AppSec work is well-communicated and visible
• Deliver concise reporting to stakeholders
• Mentor AppSec team members
• Translate complex technical concepts for non-technical audiences
• Coordinates and implements work and projects as assigned.
• Generates and provides accurate and timely results in the form of reports, presentations, etc.
• Analyzes information and evaluates results to choose the best solution and solve problems.
• Develops specific goals and plans to prioritize, organize, and accomplish work.
• Sets and tracks goal progress for self and others.
• Monitors the work of others to ensure it is completed on time and meets expectations.
• Provides direction and assistance to other organizational units’ policies and procedures, and efficient control and utilization of resources.

Benefits

• All positions offer a 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts.
• Full-time positions also offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave and educational assistance.