Application Security Technical Program Manager

About The Position

Requirements

• Bachelor's Degree AND 4+ years experience in engineering, product/technical program management, data analysis, or product development OR equivalent experience.
• 2+ years of experience managing cross-functional and/or cross-team projects.

Nice To Haves

• 7+ years of combined technology administration/management, technical risk management, technical risk consulting, and/or software development/engineering work experience.
• Experience with a broad range of technologies including cloud computing, networking, cloud application design and development tools/processes, and common cloud-based application architectures.
• Experience with data security concepts, such as Application Security Testing, Vulnerability Assessment, or Information Systems Audit.
• Bachelor’s degree in Information Technology, Cybersecurity, or Business Management.
• Certifications: Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), or other discipline specific certifications.

Responsibilities

• Vulnerability Identification and Mitigation: Regularly assess security, identify vulnerabilities, and work with development teams to remediate them. This involves activities like code review, dynamic testing, and threat modelling
• Threat Modeling: Analyze software systems to identify potential threats and vulnerabilities. Create threat models that outline potential attack vectors and help prioritize security efforts.
• Secure Code Review: Review code written by developers to identify security flaws, adherence to coding standards, and best practices. Ensure that security is integrated into the development lifecycle.
• Security Testing: Perform various security tests, including static analysis (SAST), dynamic analysis (DAST), and interactive analysis (IAST), to identify and uncover vulnerabilities in applications.
• Provide technical guidance for Application onboarding activities and support application developers in navigating the review process.
• Design and develop roadmaps and priorities for the Assurance program as it applies to tools and services built in MCAPS.
• Lead and identify cross-organizational teams to create and maintain tool security guidance.
• Build positive working relationships with stakeholders and leadership, and act as a trusted advisor within MCAPS.
• Work closely with various engineering organizations and tool owners to support their programmatic initiatives to shift left the Assurance function in the development cycle.
• Design and implement process improvements to the Application Risk Assessment program.
• Assist with the tools and technology review and assessment processes to identify data protection and compliance-related gaps.
• Embody our culture and values.