Director, Application Security

Reinsurance Group of America, Incorporated
Hybrid

About The Position

You desire impactful work. You’re RGA ready.

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

A Brief Overview

This leader will lead and mature two core functions: Secure-by-Design consulting and Secure Coding (AppSec Engineering). This leader will partner deeply with product engineering to make sure teams know their security requirements up front, build secure architectures, and ship secure code. The ideal candidate has a strong software engineering background and can coach developers as peers, not as auditors. This role leads a small team of engineers and architects and reports to the Executive Director, Product Security.

Requirements

  • Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience
  • 10+ years in software engineering, application security, or product security
  • 2+ years management experience. Highly advanced people management skills, demonstrating the ability to lead, mentor, and develop associates, including the ability to delegate key areas of responsibility.
  • Deep hands-on experience writing and reviewing production code (preferably modern cloud native stacks)
  • Proven experience maturing secure SDLC practices, pipelines, or developer tooling at scale
  • Demonstrated ability to lead, mentor, and grow a small technical security team
  • Familiarity with SAST/DAST/SCA tools, threat modeling, secure architecture patterns, and CI/CD pipelines
  • Advanced project management skills. Demonstrates ability to evaluate Cyber Security project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan.
  • Advanced oral and written communication skills, demonstrating the ability to convey business terminology that is meaningful and well received by the customer.
  • Advanced investigative, analytical and problem-solving skills; ability to quickly adapt to new methods, work under tight deadlines and stressful conditions.
  • Ability to work well within a team environment, participate in department/team projects and balance detail with departmental objectives.
  • Ability to resolve conflict and foster teamwork.
  • Advanced ability to liaise with individuals across a wide variety of operational, functional and technical disciplines.
  • Advanced ability to manage multiple projects and/or teams simultaneously.

Nice To Haves

  • Master’s degree in Arts/Sciences (MA/MS)
  • Experience in regulated environments (PCI, HIPAA, SOX)
  • Experience with modern DevOps toolchains (GitHub, Jenkins, Azure DevOps, etc.)
  • Experience driving culture change with engineering orgs (enablement > audit)
  • LOMA certification

Responsibilities

  • Develop and execute the enterprise application security strategy aligned to business and product outcomes
  • Lead, mentor, and grow a high-performing team of application security engineers
  • Define KPIs and OKRs for AppSec programs and communicate program health to senior leadership
  • Embed into project delivery lifecycles to ensure teams understand security requirements up front
  • Partner with architecture, product, and engineering leads to define secure architectures and patterns
  • Review threat models, architecture diagrams, and design decisions, and track remediation of design risks
  • Own and mature SAST/DAST/SCA tooling and secure pipeline integrations
  • Standardize secure coding practices and libraries/patterns that minimize developer friction
  • Oversee triage, prioritization, and drive remediation of static/dynamic findings with engineering teams
  • Drive adoption of automation and self-service guardrails (e.g., pipeline enforcement, secrets scanning, etc.)
  • Build strong relationships with software engineering — become a trusted advisor, not a gatekeeper
  • Partner with DevOps / Platform Engineering to deploy secure pipeline standards at scale
  • Partner with Risk/GRC to validate compliance with PCI, HIPAA, SOX, etc. (where applicable)
  • Create educational content and workshops to level up developer secure coding capability

Benefits

  • Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
  • Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
  • Join the bright and creative minds of RGA, and experience vast, endless career potential.