Head of Application Security / Director or Executive / San Diego, Palo Alto, or Los Angeles
Los Angeles, California
Open to Remote
Full Time
$200k - $265k
Our Client is a global fashion and lifestyle e-retailer committed to making the beauty of fashion accessible to all.
Position Summary
We're seeking a full-time Head of Application Security for our Los Angeles or San Diego-based corporate offices or our San Francisco (Palo Alto) hub.
The Head of Application Security, a senior executive residing within GSRM, is responsible for leading the overall strategy, execution and roadmaps of application security and the entire secure software development lifecycle. This position will lead the team of engineering and SDL experts and work with technology and business partners and units to mitigate application risks.
This leader should have a deep technical understanding of the full SDL lifecycle and extensive experiences in code audit and application security testing. This role will coordinate with application and system developers and owners on all aspects of SDL lifecycle through planning, feasibility analysis, design, development, testing to implementation and operations.
Job Responsibilities
Position Summary
We're seeking a full-time Head of Application Security for our Los Angeles or San Diego-based corporate offices or our San Francisco (Palo Alto) hub.
The Head of Application Security, a senior executive residing within GSRM, is responsible for leading the overall strategy, execution and roadmaps of application security and the entire secure software development lifecycle. This position will lead the team of engineering and SDL experts and work with technology and business partners and units to mitigate application risks.
This leader should have a deep technical understanding of the full SDL lifecycle and extensive experiences in code audit and application security testing. This role will coordinate with application and system developers and owners on all aspects of SDL lifecycle through planning, feasibility analysis, design, development, testing to implementation and operations.
Job Responsibilities
- Oversee the application security team, consisting of direct and indirect reports (including full time employees, contractors, MSS staff and external service providers personnel). This includes hiring, training, career development, and performance management.
- Lead all aspects of SDL and application testing disciplines, including but not limited to threat modeling, application risk assessment, vulnerability management, SAST and DAST tooling, attack surface monitoring, and application penetration testing.
- Develop and manage security budget forecast, expense, and technology, service and vendor roadmaps.
- Liaise with external agencies, such as law enforcement, standards and technology organization, advisory bodies and industry and peer working groups as necessary, to ensure that the organization maintains a strong application security posture and technical congruency.
- Work directly with development teams to facilitate code audit, solution requirements and technology roadmaps to ensure compliance with industry and regulatory standards.
- Establish credibility throughout the organization by earning the reputation for being a proactive senior leader and change agent.
- Sustain high-availability service levels and ensure fulfillment of business-wide service levels and operational support objectives.
- A minimum of 10 years of experience in global scale cyber security and development environment with strong focus in a DevSecOps eco-system and building security into the CI/CD pipeline, with at least 5 years of direct people management experience.
- Possess a Bachelor’s degree or higher in the field of Engineering, Computer Science, Business Analytics, or equivalent advance technology field of study
- Must be skilled at mentoring and motivating staff, communicating goals and other corporate initiatives and driving to results
- Strong knowledge of programming languages, software development lifecycle, and security testing skills with ability to work through complex application footprint and derive characteristics of risk scenarios
- Experience building application security metrics, attack surface monitoring, and incident response strategies and playbooks in the technology industry.
- Experience with change management lifecycle, development and regular preparation of management status and key metrics reports
- Should have strong experience working with technical teams on developing advanced risk engines, algorithms and models for threat detection
- Ability to translate complex application security threats from a technical perspective to business-line understanding and execution
- Ability to manage extremely technical staff and work in a matrix organization
- Must be a strong communicator with exceptional verbal and written communication skills to translate the vision and strategy into clear priorities and direction, both internally and externally.
- Healthcare (medical, dental, vision, prescription drugs)
- Health Savings Account with Employer Funding
- Flexible Spending Accounts (Healthcare and Dependent care)
- Company-Paid Basic Life/AD&D insurance
- Company-Paid Short-Term and Long-Term Disability
- Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
- Employee Assistance Program
- Business Travel Accident Insurance
- 401(k) savings plan with discretionary company match and access to a financial advisor
- Vacation, Paid holidays and sick days
- Employee Discounts
Posted by: John Bellon