Head of Application Security

Description

We are seeking a highly skilled and experienced Head of Application Security to join our dynamic team. This role is pivotal in driving the security of our software development lifecycle and ensuring the robustness of our applications against potential threats. The ideal candidate will have a strong background in secure software development practices, including SSDLC implementation, and a deep understanding of security risks & tools. This position reports directly to an R&D VP.

Major Responsibilities

• Lead the application security team, providing strategic direction and mentorship.
• Develop and implement a comprehensive Secure Software Development Lifecycle (SSDLC) framework.
• Oversee the integration of security practices into all phases of the software development lifecycle, including CI/CD guardrails.
• Conduct risk assessments and threat modeling to identify and mitigate potential security vulnerabilities.
• Collaborate with development teams to ensure secure coding practices and adherence to security standards, while maintaining developer productivity.
• Implement and manage security automation tools and processes to enhance the efficiency of security operations.
• Stay up-to-date on the latest security trends, vulnerabilities, and technologies to continuously improve our security posture.
• Provide expert guidance on security architecture and design for new and existing applications.
• Lead incident response efforts related to application security breaches and vulnerabilities.
• Foster a culture of security awareness and continuous improvement within the organization.

Desired Background

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 7 years of experience in application security, with at least 3 years in a leadership role.
• Proven experience in implementing and managing SSDLC frameworks.
• In-depth knowledge of security frameworks and methodologies.
• Strong understanding of threat modeling methodologies, secure coding practices and common vulnerabilities (e.g., OWASP Top Ten).
• Proficiency in programming languages such as Java, Python, C#, or similar.
• Experience in implementing security tools and technologies such as ASPM, SAST, DAST in complex and high-scale environment.
• Excellent communication and leadership skills, with the ability and passion to drive change across the organization.
• Relevant certifications such as CISSP, CISM, or CSSLP are desirable.
• Proven experience in a similar role at another leading software development company.