Lead Application Security

Chevron · Houston, TX

About The Position

The Lead Application Security is responsible for advancing Chevron’s Application Security Program by strengthening security testing, vulnerability validation, and remediation practices across the software development lifecycle. This role leads secure design reviews, threat modeling, code analysis, and automated testing to identify application risks early, prioritize findings based on business impact, and drive timely remediation. The Lead partners with DevOps, architecture, engineering, cloud, and cybersecurity teams to improve application security controls and enable the secure delivery of resilient applications at enterprise scale.

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field, or equivalent experience.
  • Experience leading application security, secure SDLC, software security engineering, or related cybersecurity programs.
  • Knowledge of application security testing, threat modeling, secure design, software supply chain security, and CI/CD security controls.
  • Ability to influence cross-functional teams and drive risk-based remediation and secure engineering adoption.
  • Experience leading people, programs, governance processes, metrics, vendors, or cross-functional security initiatives.

Nice To Haves

  • Relevant security certification such as CISSP, CSSLP, GWEB, GWAPT, OSWE, or comparable credential.
  • Experience building or maturing an enterprise AppSec program, including roadmap, operating model, and KPI reporting.
  • Hands-on experience with AppSec tooling and practices, including SAST, DAST, SCA, API security, secrets detection, SBOMs, or cloud-native application security.
  • Strong communication skills with the ability to advise senior stakeholders, engineering leaders, product owners, and development teams.

Responsibilities

  • Define and mature Chevron’s enterprise application security strategy, standards, roadmap, and operating model.
  • Embed secure SDLC practices, including threat modeling, secure design reviews, automated testing, and CI/CD security controls.
  • Oversee application security assessments, vulnerability prioritization, and remediation governance.
  • Partner with engineering, cloud, DevOps, architecture, Pen Testing, Red Team, and other Threat Exposure Management teams to align coverage and drive remediation.
  • Build developer enablement programs, standards, playbooks, and guidance to improve secure coding and architecture practices.
  • Lead and develop the AppSec team while managing program metrics, tooling, vendors, and continuous improvement.

Benefits

  • Relocation may be considered.