“I can succeed as an Application Security Senior Manager at Capital Group.”
As an Application Security Senior Manager (“AppSec Engineer”) within the application security team, you will help design, confirm, and steer secure solutions for different IT initiatives within Capital Group. You’ll work in a highly technical and diverse environment. You will need a strong understanding of information security tools, threat modeling, risk assessments, software security design principles, software development lifecycle, operating systems such as Linux and Windows, computer networks, enterprise security tools, security concepts (Authentication, Authorization, etc.) and security-usability tradeoffs. The candidate collaborates with system/solution architects, network architects, software developers, system engineers, cybersecurity engineers, systems administrators, IT managers and senior managers. You will be responsible for managing a team of junior engineers and interns, building their skills, providing technical direction, mentoring the associates. Developer empathy and engineering excellence such as ability to design the constraints creatively to mitigate risks, strong technology understanding of different software and cloud platforms, programming languages, network security, databases, containers, Kubernetes, OAuth, encryption, web technologies, software architectural patterns are essential for success in this role.
You will threat model diverse systems and design security requirements collaboratively with developers, architects and business stakeholders.
You will communicate the risks in a thoughtful and balanced manner supported with data.
You will drive organizational direction towards security while meeting business objectives.
You will consistently learn and share advanced skills that promote team excellence.
You will build relationships with developers, stakeholders and scrum master’s to incorporate security principles into engineering design and deployments.
You will supervise testing and validation in application security controls across projects.
You will oversee implementation of defensive practices and countermeasures across infrastructure and applications.
You will draft and uphold CI/CD security strategy with other technical leaders.
You will serve as a point of contact for security-based escalations and remain tightly involved through resolution.
You will design and help build services and tools to enable developers and engineers to easily use security components produced by application security team members.
You will create/guide engineers to build automation that improves security of software developed using CI/CD pipeline tools
You will support the ability to “shift left” and incorporate security early on and throughout the development lifecycle.
You will find vulnerabilities in code through automated and manual assessments and promote quick remediation.
You will communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging.
You will provide risks and remediation insights to help teams architect efficiently within AWS (Amazon Web Services) and Azure as well as operating SaaS (Software as a Services) services securely.
You will promote technology collaboration by using security principles in architecture, infrastructure, and code.
You will regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and design proper controls as necessary.
You will partner with teams to define key performance indicators (KPIs) and metrics across business units.
You will guide and mentor other security engineers and managers.
“I am the person Capital Group is looking for.”
You have a bachelor’s degree in computer science or related field and/or at least 12+ years’ experience in information security, application security, penetration testing, DevSecOps, network security and other security disciplines.
You have experience managing teams of engineers (5+ years) preferably with experience leading multiple teams through other managers.
You are passionate about management, leadership, and management science.
You have experience with STRIDE/other threat modeling frameworks, agile workflows, including Scrum and Kanban.
You have an understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes).
You have a strong understanding of Cloud-native architectures including API Gateways, ELB, ECS, Lambda/Azure Functions, Terraform, Ansible, Threat modeling tools (Microsoft threat modeler, OWASP Threat Dragon), SAST, DAST, ASPM, SCA, and CI/CD Pipelines.
You are proficient in securing Windows and *nix operating systems and internals, endpoint detection and response tooling, networking protocols and devices.
You have an ability to drive business initiatives collaboratively to reduce attack surface while performing rapid, continuous implementation.
You are proficient in designing, building, and deploying complex engineering solutions.
You have expertise in programming knowledge in one or more of Java, Python, JavaScript and scripting in Bash and/or PowerShell.
Southern California Base Salary Range: $193,464-$328,889
San Antonio Base Salary Range: $174,229-$296,189
New York Base Salary Range: $205,099-$348,668
In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital’s annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here.
* Temporary positions in Canada and the United States are excluded from the above mentioned compensation and benefit plans.
We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.