Manager, Application Security

Description

POSITION SUMMARY:

The Application Security Manager is responsible for measures to improve and ensure the security of web applications, code, and related components in DSS Health Cloud products (including those for third-party vendors). The team provides guidance and requirements for secure development standards and training, security testing tools focused on the application layer, threat modeling, penetration testing and vulnerability disclosure programs. Application Security works in collaboration with other teams within the organization, including research and development, quality assurance, infrastructure and cloud security, vulnerability management, network security, security operations and incident response, and security assurance.

DUTIES AND RESPONSIBILITIES: 

• Develop and execute the product & application security architecture and program strategy.
• Align and periodically communicate metrics with senior leadership around the effectiveness of the application security program.
• Review source code & software/system designs and consult with stakeholders across the organization to identify and/or avoid security issues through alignment with security standards and best practices.
• Leverage your accumulated subject matter expertise of DSS’ applications, systems, and code to propose and drive architectural improvements which address classes of security flaws in the FedRAMP ecosystem and other projects such as SOC2 and HiTrust.
• Document and improve secure development lifecycle processes, standards and guidelines.
• Deliver training and provide mentoring to software developers on security topics.
• Facilitate threat modeling exercises to ensure optimized security design decisions are being made.
• Document remediation recommendations and collaborate with developers to ensure vulnerability findings are successfully and efficiently addressed.
• Participate in requirements definition and perform initial risk analysis to define a minimum standard of security for each application.
• Work with project teams to prioritize security milestones.
• Assist in the enforcement of corporate-wide information security policies, guidelines, and best practices.
• Align the overall security governance with IT architecture governance and project and portfolio management (PMO).
• Evaluate, develop, and implement secure solutions, based on approved enterprise security architectures
• Ensure changes do not create or introduce security gaps.

The preceding functions are examples of the work performed by employees assigned to this job classification.  Management reserves the right to add, modify, change or rescind work assignments and make a reasonable accommodation as needed.

Qualifications

QUALIFICATIONS:

Required:

• 4-7 years of relevant work experience.
• Experience as a senior/staff/lead security engineer in product and application security.
• Experience leading security projects and initiatives that require collaboration with teams across an organization.
• Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats.
• Experience with modern application development languages and frameworks (e.g., .NET, Node.js, Java, Python, React, Angular).
• Mature organization and time management skills.
• Project management expertise.
• Strong interpersonal and communication skills

Education:

        Required:

• Bachelor’s degree or equivalent experience.
• One or more relevant security certifications (CSSLP, CISSP, CISM, CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP).

        Desired:

• Master’s degree, MBA.
• Experience with assessing/securing large, complex SaaS applications.
• FedRAMP and or SOC 2 knowledge.
• Two or more years of experience as a people manager.
• Use of agile methodologies for project management.
• Manual web application penetration testing experience, including the use of professional penetration testing tools.
• Strong familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure/technologies.
• Prior full time software development experience.

PHYSICAL DEMANDS:

This role can be Remote which would allow most work to be performed at home; however, the Employer is a Federal Contractor and subject to federal vaccination mandate. Employees must be fully vaccinated to come onto any of DSS, Inc’s sites or Client sites.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

If you need an accommodation seeking employment with DSS, Inc., please email jobs@dssinc.com or call (561) 284-7373. Accommodations are made on a case-by-case basis.