Application Security Manager job description

JOB DESCRIPTION

Mastech Digital is an IT Staffing and Digital Transformation Services company.

Application Security Manager

Quick Apply

Location: Jersey City, NJ

Job Code: 167431

Posted: Jul 06, 2018

Description:
Mastech Digital provides digital and mainstream technology staff as well as Digital Transformation Services for leading American Corporations. We are currently seeking an Application Security Manager for our client in the Banking and Financial Services domain. We value our professionals, providing comprehensive benefits, exciting challenges, and the opportunity for growth. This is a Contract position and the client is looking for someone to start immediately.

Duration: 5 Months Contract

Location: Jersey City, NJ

Compensation: Best Market Rates

Role: Application Security Manager

Primary Skill: CISSP

Role Description: The Application Security Manager would need to have at least 10+ years of experience. The Application Security Associate Director is responsible for managing the day to day activities related to the security governance track of the Application Security Assurance Team (ASAP).

For this role, you should possess application software expertise, along with excellent communication, project management and organizational skills. The position requires exposure to application security vulnerabilities, different application security testing methodologies and related application security tools.

In this role, you are responsible for the security governance and ensure adherence application security control and risk analysis of the Organization’s applications in System Development Process/SDLC. This includes internally developed applications, 3rd party developed application, COTS, Free Open Source Software (FOSS).

You must have expertise of application security risk, cloud architecture, application threat modeling, policy writing and familiar with regulatory standards such as ISO 27002 and FS-ISAC. Additional responsibilities include managing project plans for new initiatives, working with team members regarding team metrics and assistance with the distribution of weekly and monthly status reports.

You will interact with the organization's developers and security mavens to provide guidance, best practices and technical assistance in addressing application security issues will be part of the responsibility. Managing monthly security maven’s meetings and coordinating training for development staff.

Specific Responsibilities:

- Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization’s SDL.

- Evaluate internal Technology Risk Processes as it relates to App Pentest, FOSS, Fortify SCA and provide process governance as well as though leadership concerning adjusting to future needs

- Liaison with customer relation and team responsible to address the external requests related to AppSec

- Coordinate security training for the Organization’s development staff with SATEC and LTM

- Coordinate Security Mavens training and manage monthly meetings

- Manage and update Key Performance Indicators (KPI’s) for the Application Security Assurance Program

- Coordinate with team members and TRM policy management to ensure control standards and policies are up to date

- Manage the application security threat modeling process and coordinate application threat models against the Organization’s applications

- Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts).

- Manage new projects and initiatives related to application security as needs arise

- Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications

- Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST and FOSS

- Conduct presentations on application security topics for TRM and AD management

- Provides regular status updates on all assigned tasks and deliverables.

- Maintains issue logs, tracks/follows up on problems.

- Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior.

- Performs related duties as required

Leadership Competencies for this level include:

- Feedback: Seeks feedback from others, provides feedback to others in support of their development, and is open and honest while dealing constructively with criticism.

- Delegating: Effectively manages tasks and people, taking a practical approach to determine the most effective method of execution while respecting others’ expertise and considering others’ feelings and working styles.

- Inclusive Leadership: Values individuals and embraces diversity by integrating differences and promoting diversity and inclusion across teams and functions.

- Coaching: Understands and anticipates people's needs, skills, and abilities, in order to coach, motivate and empower them for success.

- Team Building: Builds teams by quickly establishing relationships and drives a team identity and shared purpose based on diversity of thought, skills and personalities.

Qualifications:

- Minimum of 10+ years of related experience

- Bachelor's degree preferred with Masters or equivalent experience

- Must have strong interpersonal skills to work with different teams within and outside of the organization

- Good understanding the Software Development Life Cycle Methodologies such as Waterfall, Agile

- Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10), Security Testing methodologies and related tools such as Fortify, WebInspect, BurpSuite.

- Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.,) will be an added advantage.

- Good Knowledge and familiarity with Operating system administration – Windows & Linux

- Project Management Certification such as PMI a plus. Technical certifications such as CISSP, CISM a positive.

Education: Bachelor’s degree in Computer Science, Electrical/Electronic Engineering, Information Technology or another related field

Experience: Minimum 10+ years

Relocation: This position will not cover relocation expenses

Travel: N/A

Local Preferred: Yes

Recruiter Name: Preeti Sharma

Recruiter Phone: 412.436.0333 (Ext: 2304)

Equal Employment Opportunity

Quick Apply

COMPANY

Mastech Digital provides IT associates in digital and mainstream technologies, Digital Transformation Services around Salesforce.com and SAP HANA, as well as Digital Learning Services. Mastech is listed on the NYSE under the symbol MHH.

CORPORATE HEADQUARTERS

1305 Cherrington Parkway
Building 210, Suite 400
Moon Township, PA 15108

OTHERS

Terms and Conditions
Privacy Policy

LET’S GET IN TOUCH

Toll-free: +1 800.627.8323
Phone: +1 412.787.2100
Fax:    +1 412.494.9272

EMAIL US

experience@mastechdigital.com

Quick Apply

Your Email Address

Select Resume

^*Up to 4mb: .docx,.doc, .pdf, .txt, .rtf, .htm files only.

	Quick Apply
Location:	Jersey City, NJ
Job Code:	167431
Posted:	Jul 06, 2018
Description:	Mastech Digital provides digital and mainstream technology staff as well as Digital Transformation Services for leading American Corporations. We are currently seeking an Application Security Manager for our client in the Banking and Financial Services domain. We value our professionals, providing comprehensive benefits, exciting challenges, and the opportunity for growth. This is a Contract position and the client is looking for someone to start immediately. Duration: 5 Months Contract Location: Jersey City, NJ Compensation: Best Market Rates Role: Application Security Manager Primary Skill: CISSP Role Description: The Application Security Manager would need to have at least 10+ years of experience. The Application Security Associate Director is responsible for managing the day to day activities related to the security governance track of the Application Security Assurance Team (ASAP). For this role, you should possess application software expertise, along with excellent communication, project management and organizational skills. The position requires exposure to application security vulnerabilities, different application security testing methodologies and related application security tools. In this role, you are responsible for the security governance and ensure adherence application security control and risk analysis of the Organization’s applications in System Development Process/SDLC. This includes internally developed applications, 3rd party developed application, COTS, Free Open Source Software (FOSS). You must have expertise of application security risk, cloud architecture, application threat modeling, policy writing and familiar with regulatory standards such as ISO 27002 and FS-ISAC. Additional responsibilities include managing project plans for new initiatives, working with team members regarding team metrics and assistance with the distribution of weekly and monthly status reports. You will interact with the organization's developers and security mavens to provide guidance, best practices and technical assistance in addressing application security issues will be part of the responsibility. Managing monthly security maven’s meetings and coordinating training for development staff. Specific Responsibilities: - Collaboratively work with Application Development / Security Mavens and guide them to follow the Security gates set in the Organization’s SDL. - Evaluate internal Technology Risk Processes as it relates to App Pentest, FOSS, Fortify SCA and provide process governance as well as though leadership concerning adjusting to future needs - Liaison with customer relation and team responsible to address the external requests related to AppSec - Coordinate security training for the Organization’s development staff with SATEC and LTM - Coordinate Security Mavens training and manage monthly meetings - Manage and update Key Performance Indicators (KPI’s) for the Application Security Assurance Program - Coordinate with team members and TRM policy management to ensure control standards and policies are up to date - Manage the application security threat modeling process and coordinate application threat models against the Organization’s applications - Liaison with various internal teams (Application Development, IT Architecture, Corp. Procurement Services, Source Code Management, IT Asset Management) for Application security initiatives and automation efforts). - Manage new projects and initiatives related to application security as needs arise - Evangelize application security within the firm and work with Application Development Security Mavens to incorporate new program direction into applications - Coordinate with ASAP team members to track internal audit and regulatory assessments and address requests related to the Application Pentest, SAST and FOSS - Conduct presentations on application security topics for TRM and AD management - Provides regular status updates on all assigned tasks and deliverables. - Maintains issue logs, tracks/follows up on problems. - Mitigates risk by following established procedures and monitoring controls, spotting key errors and demonstrating strong ethical behavior. - Performs related duties as required Leadership Competencies for this level include: - Feedback: Seeks feedback from others, provides feedback to others in support of their development, and is open and honest while dealing constructively with criticism. - Delegating: Effectively manages tasks and people, taking a practical approach to determine the most effective method of execution while respecting others’ expertise and considering others’ feelings and working styles. - Inclusive Leadership: Values individuals and embraces diversity by integrating differences and promoting diversity and inclusion across teams and functions. - Coaching: Understands and anticipates people's needs, skills, and abilities, in order to coach, motivate and empower them for success. - Team Building: Builds teams by quickly establishing relationships and drives a team identity and shared purpose based on diversity of thought, skills and personalities. Qualifications: - Minimum of 10+ years of related experience - Bachelor's degree preferred with Masters or equivalent experience - Must have strong interpersonal skills to work with different teams within and outside of the organization - Good understanding the Software Development Life Cycle Methodologies such as Waterfall, Agile - Exposure to the Application Security Vulnerabilities (as listed in OWASP Top 10), Security Testing methodologies and related tools such as Fortify, WebInspect, BurpSuite. - Programming experience (C/C++, Java/J2EE, JavaScript, AJAX, PHP, Visual Studio etc.,) will be an added advantage. - Good Knowledge and familiarity with Operating system administration – Windows & Linux - Project Management Certification such as PMI a plus. Technical certifications such as CISSP, CISM a positive. Education: Bachelor’s degree in Computer Science, Electrical/Electronic Engineering, Information Technology or another related field Experience: Minimum 10+ years Relocation: This position will not cover relocation expenses Travel: N/A Local Preferred: Yes Recruiter Name: Preeti Sharma Recruiter Phone: 412.436.0333 (Ext: 2304) Equal Employment Opportunity

	Quick Apply

Quick Apply

Your Email Address
Select Resume
	^*Up to 4mb: .docx,.doc, .pdf, .txt, .rtf, .htm files only.