Manager, Application Security

May 10

Apply Now

Receive Emails with Similar Jobs

Arctic Wolf

WebsiteLinkedInAll Job Openings

The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge, and yet despite this constant innovation we continue to see high profile breaches in the headlines. All organizations know they need better security, but the dizzying array of options leave resource-constrained IT and security leaders wondering how to proceed. At Arctic Wolf, our mission is to End Cyber Risk through effective security operations. To achieve this, we believe that organizations must do three key things:

Cybersecurity • Security Information Event Management • Managed Security Operations Center • Managed Security Services • Big Data Security

1001 - 5000 employees

Founded 2012

📋 Description

• Manage, lead, mentor, and coach the Application Security team and the teams they oversee, enabling the teams to consistently accomplish their objectives to quickly deliver secure software in a distributed environment. • Work with Engineering teams to define and implement the Arctic Wolf Secure SDLC, ensuring code is secure by design, secure by default, secure in deployment and communication, and automated with a multiyear roadmap. • Provide recommendations on Information Security policies and defining governance procedures for secure application development. • Implement application security tools, processes, procedures and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, compliance obligations, and Best-Practices. • Educate developers, architects, code reviewers, and others on secure coding practices and other aspects of secure software development. • Serve as the subject matter expert for Application Security, providing guidance to Team Members, Engineering and Product teams performing security reviews and assessments. • Develop standards and training for security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability management. • Help software development teams understand and remediate security findings within prescribed timelines. • Has experience researching and reviewing application vulnerabilities identified in both first- and third-party libraries and source code. • Manage the implementation, integration, configuration, and training/documentation of off-the-shelf application security technologies in the Arctic Wolf internal environment. • Contribute to a world-class security program that supports Arctic Wolf’s tremendous growth. • Gather and create Application Security performance indicators to drive delivery and program improvements.

🎯 Requirements

• Able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect to all levels of the business – junior individual contributor through VP. • Able to effectively partner and communicate with Engineering and Product teams. • Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn't stop at the first answers. • Generate new and unique ideas to enable secure software development; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings. • A Bachelor’s degree in Computer Science, Information Systems, Engineering, cybersecurity or related technical field; or equivalent experience. • 5+ years of experience in security or infrastructure engineering, including assessing and escalating to vendors for troubleshooting purposes. • Experience with and thorough understanding of modern software development practices including a thorough understanding of OWASP Top 10, OWASP ASVS, or similar frameworks. • Experience deploying application security technologies such as SAST, DAST, IAST, SCA, etc, and enabling development teams’ successful adoption. • Familiarity with cloud infrastructures, with Amazon Web Services (AWS) and/or Azure considered a strong plus. • Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus. • Analytical and quantitative skills with proven experience in developing strategic solutions. • Significant prior experience securing large-scale SaaS applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws. • Experience working in a regulated environment (SOX, ISO 27001, etc) and/or one or more Industry Certifications – (CISSP, CCSP, CSLP, OSCP, OSWE, GPEN, GWAPT, CEH, etc). • Experience in people or project management with successful completion of multiple security projects.

🏖️ Benefits

• Equity for all employees • Flexible time off and paid volunteer days • RRSP and 401k match • Training and career development programs • Comprehensive private benefits plan including medical, mental health, dental, disability, life and AD&D, and value-added services • Robust Employee Assistance Program (EAP) with mental health services • Fertility support and paid parental leave