Application security director jersey city nj

Company Profile esrhealthcare.com.mysmartjobboard.com Application security director jersey City nj Experience level: Mid-senior Experience required: 10 Years Education level: Bachelor’s degree Job function: Information Technology Industry: Financial Services Compensation: View salary Total position: 1 Relocation assistance: NoJOB DESCRIPTION:The Associate Director of Application Offensive Security Lead is responsible for leading, providing technical direction and strategy on all the matters related to above mentioned functions Application Offensive Security testing, AppSec Threat modeling, Manual Secure code review, and Threat hunting, Cloud and Containers.You will build, operate, and optimize the capabilities by combining the Application Offensive Security testing, Threat Modeling, Manual secure code review, and Advance Threat hunting techniques.You will be responsible for performing the Threat modeling and assess the Threats at design stage and perform manual secure code reviews to assess the code level security risks which cannot be identified by automated scanners and perform advance threat exploit techniques to prove the vulnerabilities with evidence in pre-production environment.RESPONSIBILITIES:Sets strategy, provide technical direction to the Application Offensive Security team to run capabilities like AppSec Red team assessment/offensive security testing, Application Threat modeling, Manual secure code review, Advance Threat hunting techniques and Container security.Run day to day operations including Performing AppSec Threat modeling on the DTCC application design architectures, Manual secure code review of in-house developed and advance penetration testing techniques to identify the vulnerabilities which cannot be reported by automated SAST DAST scanners.Lead a robust team of AppSec Consultants and AppSec Specialists and coordinate with various partners and vendors as part of AppSec ecosystem.Generate reports on assessment findings and summarizes to facilitate remediation, Document technical issues identified during security assessments applying standard CWE and CVSS classifications.Defines and supervises application vulnerability and coverage KPIs/metrics to demonstrate assessment coverage and remediation efficiency.Collaborate with Security Architects, Product Manager, Risk Managers, and other teams to deliver high quality products.Interacts with senior management on matters where they may need to gain acceptance on an alternate approach.Cultivate and manage relationships with key partners at varying organizational levels.Assist with executive communication to senior leadership teams on status of Application Offensive Security programs.QUALIFICATIONS:At least 10 years of multifaceted IT experience, preferably in information security and related experienceBachelors’ Degree in related field and/or equivalent experienceDomain specialist in several security technologies (depth) with ability to lead across enterprise Application security functions (breadth)Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10 and SANS Top 25), Security Testing methodologies and related tools such as Fortify, WebInspect, Burp Suite, Nexus and more.Programming experience with at least one of these skills: Java/J2EE, JavaScript, Python, etc. and experience in performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python etc.)Understanding of Authentication, Authorization mechanism programmatically across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML etc.)Experience working with DAST, SAST, and Penetration testing tools.Experience with Application development build pipelines, automation, and CI/CDA broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategiesKnowledge on large scale cloud-based services, Container security and very good understanding of security challenges involved in deploying Cloud and container applications.Experience in facilitating technical conversations between engineering and operations teams.Experience in leading global teams, remote employees and evaluating team member performance and offering career development mentorship.Excellent verbal and written communication skillsExperience handling relationships with and addressing senior management.Ability to work under stress, multitask and be flexible.Strong planning and project management skillsHighly desired - one or more of the following active certifications CSSLP, CISSP, OSCP, GIAC GPENABOUT: safeguards the financial markets and helps them run efficiently, in times of prosperity and crisis. We are uniquely positioned at the center of global trading activity, processing over 100 million financial transactions every day, pioneering industry-wide, post-trade solutions and maintaining multiple data and operating centers worldwide. From where we stand, we can anticipate the industry’s needs and we’re working to continually improve the world’s most resilient, secure, and efficient market infrastructure. Our employees are driven to deliver innovative technologies that improve efficiency, lower cost, and bring stability and certainty to the post-trade lifecycle. proudly supports Flexible Work Arrangements favoring openness and gives people freedom to do their jobs well, by encouraging diverse opinions and emphasizing teamwork. When you join our team, you’ll have an opportunity to make meaningful contributions at a company that is recognized as a thought leader in both the financial services and technology industries. A career is more than a good way to earn a living. It’s the chance to make a difference at a company that’s truly one of a kind. Powered by Webbtree