The Manager, Application Engineering, Cyber Security has broad and deep technical experience in a wide variety of enterprise technologies and is the subject matter expert (SME) for concepts behind security controls and how they apply to the application engineering, configuration and deployment lifecycles. This individual provides hands-on technical leadership, e.g. design, code review, quality assurance, both to the security engineering team and collaboratively to cross-organization engineering teams. Accountable for identifying key security risks, as well as targeted and prioritized planning and implementation of respective mitigations.
The incumbent must have a service-oriented mentality, a high sense of ownership of the problems and requests assigned, a focus on managing and resolving issues in alignment with the SLAs, policies and standards, establishing and maintaining communication with technology customers to keep them updated with status of their requests, initiating and performing changes on production systems and proactively escalating any issues that cannot be resolved within the established timeframes.
Additional insights, experience or background in any of the following are also of great value: CIS, NIST, ISO27001, Data Protection, Software Engineering, Static Code Analysis, Dynamic Code Analysis, Penetration Testing, Containers, MicroServices, CI/CD Pipelines, Agile, Project Planning, Team Leadership and Management, Git, Jira, Docker, Kubernetes, Cloud Security (AWS, Azure, GCP) and design, process maturity, and other related focuses.
Primary Accountabilities
Technical (40%)
Provide hands-on technical leadership on multiple fronts, e.g. architecture, design, code review, quality assurance, directly to the security engineering team and indirectly to other engineering and/or product teams
Establish and drive adoption of design, standards, documentation and coding best practices within the security engineering team
Define, evangelize and drive security engineering best practices and improvements across organizational boundaries
Collaborate on engineering-wide initiatives as a member of the broader engineering leadership team
Drive compliance through evangelizing, partnership, and education, as well as a robust program of third-party/vendor, application, and data security reviews, threat modeling, proactive auditing and penetration testing
Develop policy, standards and other relevant documentation to guide the practical implementation of application security best practices
Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical subjects.
Design systems characterized by managed levels of risk, manageable business and technical complexity and meaningful impact; works with well-understood technology and identifies appropriate patterns.
Strategic (20%)
Integrate and collaborate with business and engineering organizations to facilitate early identification and implementation of security standards and compliance.
Proactive identification of security engineering goals and objectives, development of implementation plans to address targeted and prioritized threat mitigations.
Drive engineering innovation by producing quality code and artifacts for inter-team collaboration
Operational (20%)
Work with application development teams to ensure secure software development lifecycle (S-SDLC) implementation and validation.
Educate and train product and engineering teams.
Evaluate client needs, coordinate design for a solution, and clearly communicate the value proposition of complex and highly technical cyber security subjects.
Schedule and manage prioritized pipeline of engineering objectives and tasks and ensure timely delivery, while managing technical project risks
Train new team members on documented guidelines
Leadership (20%)
Manage and grow a team of world-class application security engineers to deliver high impact projects on schedule with high-quality
Accountable for staffing projections, year-end performance reviews, salary planning and administration, employee development and mentoring, and promoting a culture of open and honest communication, partnership, continuous improvement and opportunities.
Responsible for measuring and improving technical competence of team members.
Required Qualifications:
Bachelor of Science Degree in Computer Science, related field or relevant experience
10+ years of related work experience in security engineering, systems engineering and/or devops with a focus on information security
Or any equivalent combination of experience and training/certification that provides the required knowledge, skills, and abilities needed to complete the major responsibilities/essential functions of the position
Proven ability to lead engineering teams, particular within an Agile environment
Experience with regulatory and compliance frameworks, such as HIPAA, PCI-DSS, CCPA, GDPR
Certifications preferred. CISSP, Security +, CISM, GSLC
Strong experience in web, application, server and endpoint security
Strong experience in distributed platform development security and design
In-depth knowledge of application, platform and system security standards and best practices (OWASP, CIS, etc.)
Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
Experience with industry tools and technologies such as Burp, Metasploit, etc.
Strong knowledge of common languages such as Python, GO, Javascript, Java, etc.
Solid understanding of public cloud security deployment and implementation issues (AWS, Azure, GCP)
Strong knowledge of web application firewall deployment, configuration, tuning and associated infrastructure components
Understanding of audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, etc.
Proven expertise in enterprise-grade and web scale security solutions
Exceptional oral and written communication skills
Specific Technical Skills Needed:
Security and Risk Assessment
Aware of Security governance principles and able to apply them to the enterprise
Understands the legal and regulatory Issues relevant to the enterprise and does not place the enterprise at risk.
Security Engineering
Solid working knowledge of secure design principles
Solid working knowledge of database security
Solid working knowledge of cloud computing
Solid working knowledge of Cryptography
Identity and Access Management
Physical and logical access
LDAP
Multi-factor authentication
Session management
Credential management
Software Development Security
Solid working knowledge of software development lifecycles
Solid working knowledge of what software development methodologies are used in the enterprise and can explain what it means
Working experience with DevOps concepts
Solid working knowledge of security vulnerabilities, e.g. OWASP Top 10, and understands how the following work: Bounds checking, Input/output validation, Buffer overflow, Privilege escalation
Solid working knowledge of secure coding practices
Solid working knowledge of application security testing, e.g. OWASP WSTG and/or ASVS
Solid working knowledge of web application firewall deployment, configuration, tuning and maintenance, including associated infrastructure resources and architecture, e.g. DNS, HTTP server, TLS
Solid working knowledge of code repositories
Individual Competencies:
Integrity: Gains the trust of others by taking responsibility for your own actions and telling the truth.
Teamwork: Builds relationships and works collaboratively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually-beneficial partnerships, leverage information and achieve results.
Adaptable: Responds to change with a willingness to learn new ways to accomplish work objectives with a positive attitude.
Innovative: Ability to develop, sponsor, or support the introduction of new and improved methods, products, procedures or technologies.
Curious: A desire to inquire and learn, to seek new knowledge and wisdom, and to listen to the contributions of others with a genuine interest to better self, the team, and the organization.
Analytical and Critical Thinking: Ability to tackle a problem by using a logical, systematic, sequential approach.
Problem Solving: Gathers and analyzes information to generate and evaluate potential solutions to problems, issues and challenges while weighing the accuracy and relevance of the facts, data and information.
The physical demands described here are representative of those that must be met by an associate to successfully perform the major job responsibilities (essential functions) of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the major job responsibilities. This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the job.
While performing the duties of this job, the associate is:
Regularly required to use hands to finger, handle or feel objects, tools or controls, and reach with hands or arms.
Regularly required to talk or hear and read instructions on a computer monitor and/or printed on paper.
Occasionally required to stand, kneel or stoop, and lift and/or move up to ## pounds.
Regularly required to view items at an extremely close range and must be able to adjust and readjust focus.
Safety:
Support a safe work environment by following safety rules and regulations and reporting all safety hazards.
As an Inmar Associate, you:
Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations.
Treat clients and teammates with courtesy, consideration and tact; you also have the ability to perceive the needs of internal and external clients and communicate effectively with the objective of delighting and retaining the client.
Build collaborative relationships and work cooperatively with others, inside and outside the organization, to accomplish objectives, develop and maintain mutually-beneficial partnerships, leverage information to achieve results.
Set and attain achievable, yet aggressive, goals with a sense of urgency and accountability.
Understand that results are important and focus on turning mission into action to achieve results following the principles of Flawless Execution while consistently complying with quality, service and productivity standards to meet deadlines and exceed expectations by giving our clients the best possible outcome.
We are an Equal Opportunity Employer, including disability/vets.