Information Security Manager

Location: Boston, MA
Date Posted: 01-08-2018
This role is a full-time, permanent position with a global technology client in Boston, MA.

The Manager of Application Security is responsible for defining and executing the application security strategy. He or she will lead a small team of technical Security Analysts responsible for driving security quality in our customer-facing applications. The Manager of Application Security will define and drive strategic initiatives including reporting, automation, and integration with the SDLC.
  • Maintain positive and effective contact with product owners and Product Management leadership
  • Define, drive, and maintain an effective application security program
  • Document application security posture and assist in customer response
  • Identify and implement improvements to application security practices
  • Work closely with product owners, developers, scrum masters, and quality assurance
  • Use influence and data to drive remediation activities
  • Assess SDLC processes
  • Assist the broader Compliance and Security team with key activities including:
      • Maintaining pertinent policies, standards, and procedures
      • Participating in incident response activities
      • Assist in defining risks and controls as part of our governance, risk and compliance
      • Other security related projects according to skills
      • Drive awareness and knowledge of security in developers
      • Develop testing scripts and procedures
      • Support Compliance and Security budget planning
      • Perform other duties as assigned
Required:
  • Minimum of 1 year work experience managing others
  • Minimum of 5 years work experience in application security
  • Minimum of 1 year work experience in software development as part of a larger team
  • Minimum of 7-10 years of IT or software development experience
  • Strong ethics and understanding of ethics in business and information security
  • Proficient English language written and oral communication skills
  • Understanding and familiarity with common code review methods and standards
  • Experience with application security tools, such as SAST and DAST, including Checkmarx, Veracode, Burp, and ZAP
  • Knowledge of OWASP tools and methodologies
  • Understanding of HTTP and web programming
  • Understanding of tools used as part of the SDLC workflow including Jira, Jenkins, Selenium, TeamViewer, etc.
  • Knowledge of standard SDLC practices
  • Ability to complete tasks and deliver professionally written reports for clients
  • Ability to present findings to technical staff and executives
  • Possess current security certifications (e.g., CISSP, CEH)
Preferred:
  • Degree in either Computer Engineering, Computer Science, or Information Systems Management
  • Experience working in software development
  • Experience with vulnerability scanning tools (e.g., Qualys, Nessus, Nexpose, Saint)
  • Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTO Spider, Burp Suite Pro)
  • Experience with static analysis tools (e.g., IBM AppScan Source, HP Fortify)
  • Experience with high level programming languages (e.g., Java, C, C++, .NET (C#, VB))
  • Experience with web application development (e.g., ASP.NET, ASP, PHP, J2EE, JSP)