Application Security Lead

About The Position

Requirements

• Reports to the IT Security Manager
• Works closely with Vistex’s Development and DevOps teams
• Ensure security is embedded in the design, implementation and maintenance of Vistex product services
• Implement shift-left and DevSecOps approaches
• Develop and enforce secure coding standards and best practices
• Embed security controls into CI/CD pipelines (SAST, SCA, DAST, IaC scanning)
• Participate in design process for new products and changes to existing products
• Conduct threat modelling exercises
• Develop architecture diagrams and documentation
• Ensure integration with Vistex security tools
• Participate in project meetings
• Conduct implementation readiness reviews
• Conduct audits against products and platforms
• Review DevOps operations
• Engage with senior stakeholders and team leaders
• Participate in risk management exercises for software development, DevOps and in AI
• Provide metrics on secure development maturity and performance
• Provide assistance with analyzing application layer
• Maintain awareness of standard and regulatory requirements
• Stay informed of current topics in secure development and DevOps
• Support the IT Security team in responding to customer security assessments and questionnaires

Responsibilities

• Works closely with Development and DevOps teams to develop and enforce secure coding standards and best practices across Vistex’s Development and DevOps teams.
• Collaborates with Development and DevOps teams to embed security controls into CI/CD pipelines (SAST, SCA, DAST, IaC scanning).
• Participates in design process for new products and changes to existing products to ensure that security requirements are identified, assessed and specified.
• Conducts threat modelling exercises with teams during the design process to identify risk and security requirements.
• Engages with teams to develop architecture diagrams and documentation that captures the security relevant content.
• Ensures that integration with Vistex security tools is factored into the design process.
• Participates in project meetings to track progress and conducts implementation readiness reviews to ensure specified security requirements are met and that documentation is complete.
• Conducts audits against products and platforms to ensure security coverage is complete.
• Reviews DevOps operations to ensure security best practice is followed and that any identified risks are managed.
• Engages with senior stakeholders and team leaders to build strong working relationships to ensure security requirements are met and security improvements are implemented.
• Participates in risk management exercises for software development, DevOps and in AI where it is used for development or is integrated into Vistex products.
• Provides metrics on secure development maturity and performance.
• Provides assistance with analyzing application layer as required by security incident response processes.
• Maintains awareness of standard and regulatory requirements that relate to software development.
• Stays informed of the current topics in secure development and DevOps through various publications and sources.
• Supports the IT Security team in responding to development content in customer security assessments and questionnaires as required.

Benefits

• Comprehensive healthcare plan
• 401(k)
• Paid time off
• Paid volunteerism days