Director, Application Security (Cybersecurity Defense)

About The Position

Requirements

• Ideally targeting individuals with 10+ years of experience in cybersecurity, with a focus on application security, secure development, or DevSecOps.
• Deep expertise in application security testing methodologies (SAST, DAST, SCA, IAST) and secure development practices, strongly preferred.
• Strong understanding of application and API security, cloud-native architectures, and modern development frameworks.
• Experience leading application security programs across large, complex organization, preferred.
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, OWASP, ISO 27001) and regulatory requirements.
• Demonstrated ability to collaborate with cross-functional teams and influence executive stakeholders.
• Strong leadership, communication, and problem-solving skills.

Responsibilities

• Lead the enterprise application security strategy aligned with cybersecurity, risk management, and business objectives.
• Establish governance frameworks to embed security into the software development lifecycle (SDLC) across all application domains.
• Collaborate with enterprise architecture, engineering, and product teams to align application security with technology strategies and transformation initiatives.
• Serve as an advisor to executive and business leadership on application security risks, priorities, and investment decisions.
• Drive a secure-by-design culture across development and engineering teams.
• Oversee application security capabilities across Pharma, Medical, and Commercial Technology segments, ensuring consistent implementation of security practices.
• Define segment-specific requirements and approaches to address unique regulatory, operational, and risk considerations.
• Ensure alignment of application security practices across segments while enabling flexibility to support business-specific needs.
• Drive standardization of processes, tooling, and reporting across segment application security teams.
• Oversee enterprise application security testing programs, including SAST, DAST, SCA, and IAST across all application environments.
• Ensure vulnerabilities are identified, assessed, prioritized, and remediated during the development lifecycle prior to deployment.
• Establish secure coding standards and integrate security controls into CI/CD pipelines and development workflows.
• Collaborate with development teams to reduce application security technical debt and improve code quality.
• Oversee implementation of runtime security controls for applications and APIs, including WAF, API gateways, and runtime monitoring solutions.
• Ensure security requirements are embedded into application and API design, deployment, and operational processes.
• Collaborate with engineering and infrastructure teams to enforce runtime protections aligned with enterprise architecture.
• Monitor runtime risks and coordinate mitigation efforts across application environments.
• Lead development and integration of application security tooling, including configuration, onboarding, and operational management.
• Define use cases, policies, and detection logic for application security tools to ensure effective coverage and scalability.
• Drive integration of application security tools into CI/CD pipelines and DevSecOps workflows.
• Ensure application security tooling aligns with enterprise security architecture and standards.
• Collaborate with Security Architecture teams to define secure design patterns, reference architectures, and application security standards.
• Ensure application security requirements are incorporated into solution design and architecture reviews.
• Partner with engineering teams to implement secure development lifecycle (SDLC) practices and controls.
• Support evaluation of new technologies and architectures to ensure alignment with security requirements.
• Ensure application security practices align with regulatory requirements, compliance standards, and enterprise risk management frameworks.
• Provide application security oversight for audits, regulatory assessments, and compliance reporting.
• Collaborate with risk and compliance teams to translate application security risks into enterprise risk insights.
• Support remediation of identified risks and ensure alignment with risk tolerance and governance processes.
• Define and track KPIs and KRIs related to application security posture, vulnerability management, and SDLC integration.
• Provide regular reporting to executive leadership on application security risks, trends, and program effectiveness.
• Leverage data and analytics to drive continuous improvement in application security practices and outcomes.
• Identify opportunities to enhance automation, efficiency, and scalability of application security processes.
• Collaborate with application development, product, IT, security operations, and business teams to integrate application security into enterprise processes.
• Partner with Cyber Detection & Response to ensure application security findings are integrated into monitoring and incident response workflows.
• Engage with segment leaders to align application security initiatives with business priorities and risk considerations.
• Support M&A activities by assessing and integrating application security controls for acquired applications.
• Build and lead a high-performing application security organization with expertise across secure development, testing, and runtime protection.
• Ensure alignment of team capabilities with evolving technologies, threats, and business needs.

Benefits

• Medical, dental and vision coverage
• Paid time off plan
• Health savings account (HSA)
• 401k savings plan
• Access to wages before pay day with myFlexPay
• Flexible spending accounts (FSAs)
• Short- and long-term disability coverage
• Work-Life resources
• Paid parental leave
• Healthy lifestyle programs