Application Security Manager

Role Overview:

This role leads a team of specialized cybersecurity engineers focused on DevOps engineering principles. This role will be responsible for leading the activities to build, integrate and maintain the connective infrastructure that will help automate security processes throughout the various product teams' environments. This role will also be responsible for technical mentorship and people management for the team. The role will also be the primary Cyber Security contact for the product teams in terms of work prioritization and communication. The person in this role is expected to ensure that the team stays up to date on Cyber Security trends while staying well-educated on product environments, overall architecture, the tooling and technical stack of the product teams. This team will lead the triage process for cybersecurity vulnerabilities identified throughout the various product environments.

Qualification:

Education:

• Bachelor of Engineering/ Bachelor of Technology/ Master of Engineering/ Master of Technology/ Master of Science

Discipline:

• Computer Science/ Relevant engineering

Experience:

• 10 to 15 years

Job Responsibilities (Typical day in AppSec Manager's life):

• Read/learn/discuss latest trends/tools/best practices/updates of cyber security, application development, and cloud services industries.
• Perform impact and risk analysis of identified security vulnerabilities for each product.
• Create mitigation plans with product teams to resolve security vulnerabilities.
• Build tooling to automate security into the product teams' development, build, deployment, and operational processes.
• Actively contribute to story planning, identifying and providing expertise on work items that involve security considerations.
• Be On-Call for:
• Cyber security breaches
• High impact events (like a day zero effecting a team) or a breach
• Uptime disruptions caused by their contributions.
• Ensure that the team is taking ‘automation first' approach through tooling to embed security into the product teams' build processes and their products.
• Create, monitor and implement team roster for 'On-Call' duties.
• Assist and guide the team members with technical issues and investigative work.

Skills Required (AppSec Manager's superpowers):

• Cloud Platform:

  AWS, Microsoft Azure

• Development Environments:

  VSCode, JetBrains, Eclipse

• Programming Languages:

  Know at least a few languages well (Java, JavaScript/TypeScript, C++, C, Python, Powershell, unix shell, etc.)

• Infrastructure as Code:

  CloudFormation, CDK, Bicep, Terraform, Ansible, etc.

• SIEM/SOAR:

  Microsoft Sentinel, Splunk, Checkmarx

• OS:

  Linux, Windows

• Configuration Management Tools:

  Git, GitHub, GitLab, Azure DevOps

• Vulnerability Management Tools:

  Nessus Pro, Tenable IO, FireEye, CrowdStrike, Defender, SpyCloud etc.

Competencies (Who AppSec Manager is):

• Willingness to prioritize team success over individual recognition.
• Champions collaboration, knowledge sharing, and mentoring as foundational practices.
• Committed to improving DevSecOps processes through continuous learning and experimentation.
• Supports sustainable pace and actively addresses technical debt.
• Willing to work onsite one week per quarter.

Annual Goals (What AppSec Manager will be measured on):

• Direct reduction of measured security vulnerabilities via tooling
• Cycle time to mitigate vulnerabilities, assigned → closed
• When On-Call, 100% of response times under 15 minutes
• Leads annual threat modeling exercise for all products assigned