Application Security Manager
Ref No.: 18-12954
Location: Jersey City, New Jersey
The Application Security Associate Director is responsible for managing the day-to-day activities related to the security governance track of the Application Security Assurance Team (ASAP). The person in this role should possess application software expertise, along with excellent communication, project management and organizational skills. The position requires exposure to application security vulnerabilities, different application security testing methodologies and related application security tools.

This role is responsible for security governance and for ensuring adherence to application security controls and risk analysis of applications in the System Development Process/SDLC. This includes internally developed applications, third-party developed applications, COTS, and Free Open Source Software (FOSS).

The position requires expertise in application security risk, cloud architecture, application threat modeling and policy writing, and familiarity with regulatory standards such as ISO 27002 and FS-ISAC. Additional responsibilities include managing project plans for new initiatives, working with team members on team metrics and assisting with the distribution of weekly and monthly status reports.

Interaction with developers and Security Mavens to provide guidance, best practices and technical assistance in addressing application security issues will be part of the responsibility. The role also includes managing the monthly Security Mavens meetings and coordinating training for development staff.

• Work collaboratively with Application Development/Security Mavens and guide them to follow the security gates set in the SDL.
• Evaluate internal Technology Risk Processes as they relate to App Pentest, FOSS and Fortify SCA, and provide process governance as well as thought leadership on adjusting to future needs
• Liaise with customer relations and the team responsible for addressing external requests related to AppSec
• Coordinate security training for development staff with SATEC and LTM
• Coordinate Security Mavens training and manage monthly meetings
• Manage and update Key Performance Indicators (KPIs) for the Application Security Assurance Program
• Coordinate with team members and TRM policy management to ensure control standards and policies are up to date
• Manage the application security threat modeling process and coordinate application threat models against Client applications
• Liaise with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for application security initiatives and automation efforts
• Manage new projects and initiatives related to application security as needs arise
• Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications
• Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST and FOSS
• Conduct presentations on application security topics for TRM and AD management
• Provides regular status updates on all assigned tasks and deliverables.
• Maintains issue logs, tracks/follows up on problems. Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.

• Feedback: Seeks feedback from others, provides feedback to others in support of their development, and is open and honest while dealing constructively with criticism.
• Delegating: Effectively manages tasks and people, taking a practical approach to determine the most effective method of execution while respecting others' expertise and considering others' feelings and working styles.
• Inclusive Leadership: Values individuals and embraces diversity by integrating differences and promoting diversity and inclusion across teams and functions.
• Coaching: Understands and anticipates people's needs, skills, and abilities, in order to coach, motivate and empower them for success.
• Team Building: Builds teams by quickly establishing relationships and drives a team identity and shared purpose based on diversity of thought, skills and personalities.

• Good understanding of Software Development Life Cycle methodologies such as Waterfall and Agile
• Exposure to application security vulnerabilities (as listed in the OWASP Top 10), security testing methodologies and related tools such as Fortify, WebInspect, BurpSuite.
• Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.) will be an added advantage.
• Good knowledge of and familiarity with operating system administration – Windows & Linux
• Project Management Certification such as PMI a plus. Technical certifications such as CISSP, CISM a positive.