Senior Manager, Application Security
Atlanta, GA 30338 | Scout
- Work with the software engineering, product management, and application security teams to scope, plan and execute application-level penetration testing.
- Provide periodic status reports on security testing activities.
- Mentor and support the developers on how to write good security unit tests and promote good security testing frameworks.
- Work with 3rd party penetration testing tools to deliver faster results, but also mentor your team to develop its own code when special needs come up, e.g. develop a Burp Suite extension to sign tampered requests.
- Perform peer penetration testing with your team members.
- Invest in the team’s professional development through mentoring, training, CTFs, security conference participation, etc.
- Evangelize proactive approaches for providing testing abuse cases for QA teams.
- Present penetration testing findings to engineering and product teams, and provide solutions acceptable to all parties.
- Perform security research related to the company’s business, and work with the innovation hub to provide solutions to the risks/vulnerabilities discovered.
- Attend information security conferences.
- Must be a leader and inspire people.
- 2+ years of experience managing a global security team.
- 5+ years of experience in information and application security and software engineering.
- 5+ years of proven penetration testing experience. Fewer years of experience will be considered if the candidate has contributed to CVEs or appeared on a bug bounty program hall of fame.
- Be self-driven and able to work independently.
- Programming experience with several mainstream languages, e.g. C#, Java, C, C++, Python etc.
- Comfortable working in Windows/Linux OS and networking including network configuration, scripting, permissions management, etc.
- Good communication skills and the ability to excel in a collaborative team environment.
- CISSP, CSSLP, or OSCP certifications.
- Understanding of Retail, Hospitality and FinTech business processes and analysis.
- Familiarity with Coverity, WhiteHat Security, Contrast, Seeker, and Whitesource.
- Familiarity with build systems such as Jenkins and TFS.
- Familiarity with bug tracking systems such as Jira and TFS.
- Public speaking at information security conferences, e.g. BlackHat, DefCon, BSides, etc.
- Knowledge of P&L management.