Application Offensive Security Lead (Associate Director) - Real Careers
Jersey City, NJ 07310
About the Job
Application Offensive Security Lead (Associate Director)
Jersey City, NJ 07310
Must be a US Citizen or Green Card holder. - No Exceptions
- The Associate Director, Application Offensive Security Lead, is responsible for leading and providing technical direction and strategy on all matters related to Application Offensive Security testing, AppSec threat modeling, manual secure code review, threat hunting, and cloud and container security.
- You will build, operate, and optimize these capabilities by combining Application Offensive Security testing, threat modeling, manual secure code review, and advanced threat hunting techniques.
- You will be responsible for performing threat modeling to assess threats at the design stage, performing manual secure code reviews to assess code-level security risks that automated scanners cannot identify, and applying advanced exploitation techniques to prove vulnerabilities with evidence in a pre-production environment.
RESPONSIBILITIES:
- Sets strategy and provides technical direction to the Application Offensive Security team to run capabilities such as AppSec red team assessment/offensive security testing, application threat modeling, manual secure code review, advanced threat hunting techniques, and container security.
- Runs day-to-day operations, including performing AppSec threat modeling on DTCC application design architectures, manual secure code review of in-house developed applications, and advanced penetration testing techniques to identify vulnerabilities that automated SAST and DAST scanners cannot report.
- Leads a robust team of AppSec consultants and AppSec specialists and coordinates with various partners and vendors across the AppSec ecosystem.
- Generates reports on assessment findings and summarizes them to facilitate remediation; documents technical issues identified during security assessments using standard CWE and CVSS classifications.
- Defines and supervises application vulnerability and coverage KPIs/metrics to demonstrate assessment coverage and remediation efficiency.
- Collaborates with Security Architects, Product Managers, Risk Managers, and other teams to deliver high-quality products.
- Interacts with senior management on matters where acceptance of an alternate approach may need to be gained.
- Cultivates and manages relationships with key partners at varying organizational levels.
- Assists with executive communication to senior leadership teams on the status of Application Offensive Security programs.
Benefits:
Competitive compensation, including base pay and annual incentive.
Comprehensive health and life insurance and well-being benefits, based on location.
Pension/retirement benefits.
Paid time off, personal/family care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
They offer a flexible/hybrid model of 3 days onsite and 2 days remote (onsite Tuesdays, Wednesdays, and a third day unique to each team or employee).
QUALIFICATIONS:
- At least 10 years of multifaceted IT experience, preferably in information security and related areas
- Bachelor's degree in a related field and/or equivalent experience
- Domain specialist in several security technologies (depth) with the ability to lead across enterprise application security functions (breadth)
- Exposure to application security vulnerabilities (as listed in the OWASP Top 10 and SANS Top 25), security testing methodologies, and related tools such as Fortify, WebInspect, Burp Suite, Nexus, and more
- Programming experience with at least one of Java/J2EE, JavaScript, Python, etc., and experience performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, etc.)
- Programmatic understanding of authentication and authorization mechanisms across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)
- Experience working with DAST, SAST, and penetration testing tools
- Experience with application development build pipelines, automation, and CI/CD
- A broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies
- Knowledge of large-scale cloud-based services and container security, and a very good understanding of the security challenges involved in deploying cloud and container applications
- Experience facilitating technical conversations between engineering and operations teams
- Experience leading global teams and remote employees, evaluating team member performance, and offering career development mentorship
- Excellent verbal and written communication skills
- Experience managing relationships with and addressing senior management
- Ability to work under stress, multitask, and be flexible
- Strong planning and project management skills
- Highly desired: one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN
Required Knowledge, Skills, and Abilities (Company's ATS Questions):
1. Do you have at least 10 years of multifaceted IT experience, preferably in information security and related areas?
2. Do you have a Bachelor's degree in a related field and/or equivalent experience?
3. Are you a domain specialist in several security technologies (depth) with the ability to lead across enterprise application security functions (breadth)?
4. Do you have exposure to application security vulnerabilities (as listed in the OWASP Top 10 and SANS Top 25), security testing methodologies, and related tools such as Fortify, WebInspect, Burp Suite, Nexus, and more?
5. Do you have programming experience with at least one of Java/J2EE, JavaScript, Python, etc., and experience performing manual secure code review of popular web application programming languages (Java, JavaScript, Angular, Python, etc.)?
6. Do you have a programmatic understanding of authentication and authorization mechanisms across different web technologies and protocols (SSL/TLS, REST, OAuth, SAML, etc.)?
7. Do you have experience working with DAST, SAST, and penetration testing tools?
8. Do you have experience with application development build pipelines, automation, and CI/CD?
9. Do you have a broad and deep understanding of cybersecurity threats, vulnerabilities, controls, and remediation strategies?
10. Do you have knowledge of large-scale cloud-based services and container security, and a very good understanding of the security challenges involved in deploying cloud and container applications?
11. Do you have experience leading global teams and remote employees, evaluating team member performance, and offering career development mentorship?
12. Do you have strong planning and project management skills?
13. Do you hold one or more of the following active certifications: CSSLP, CISSP, OSCP, GIAC GPEN? (Highly desired)
14. Are you a US Citizen or Green Card holder? (Required)
From: Real Careers