Atrilogy Solutions Group is working with a major client of ours in the Los Angeles area to find a Sr. Application Security Manager.
This role will be working within a small team operational environment on a large number of security projects in a technically diverse environment. You’ll be responsible for:
1) understanding business processes;
2) building and implementing key security solutions; and
3) conducting and overseeing risk assessments, operational activities and technical security tasks.
Our ideal candidate will have hands-on application security experience, and experience building and managing a team of developers, security engineers and outside service providers. You are going to help protect the online services used by all domain registries and registrars worldwide.
- Close interaction with project managers and product managers to implement goals of the enterprise application security program
- Designing security features and security solutions for a wide range of corporate services
- Collaborating with business unit managers to conduct application security risk assessments
- Managing penetration tests and security reviews for core applications and APIs
- Managing and refining manual and automated application security testing processes
- Developing custom tools to test, monitor and enforce security across our applications
- Researching security vulnerability disclosures and designing appropriate mitigations
- Working with the Ops Team to identify server-side vulnerabilities to facilitate patch management
- Overseeing deployment of App Sec training for development and Q/A teams
- Working within Agile Dev Teams to create application-specific Evil User Stories
- Developing and documenting corporate application security policies
- Developing and managing application framework and library roadmaps
- Developing and overseeing vendor contract requirements / SLAs / POCs
- Coordination with Ops and Dev Teams on DB and application hardening, standardization of server images / containerization
For immediate consideration please submit your resume in Word format, along with daytime contact information. LOCAL CANDIDATES ONLY PLEASE unless you are willing to relocate yourself at your own expense. Client is unable to provide H-1B Visa sponsorship at this time. All submittals will be treated confidentially. Selected candidate may be asked to pass a comprehensive background, credit and/or drug screening. Principals only, no third parties please.
- Experience with providing project management for application security projects.
- Experience in coding applications and secure coding practices
- Excellent ability to build relationships with developers, business managers and IT engineers
- Ability to build and manage a team of technical application security architects and engineers
- Passionate about security and protecting data and services provided to our community
- Knowledge of all aspects of secure development lifecycle, threat modeling, and web application security assessments
- Knowledge and experience with both automated tools and manual techniques used to identify web application and web service vulnerabilities and attack methods including the OWASP top 10.
- Strong multi-tasking abilities with attention to detail and the ability to dive deeply into issues
- Bachelor's degree in Computer Science, Information Technology, or related field, with 12 years of related experience, or a Master’s degree with 10 years of related experience.
- Have excellent verbal and written communication skills and strong command of the English language
- Be capable of carrying out complex tasks and projects to completion, with minimal supervision
- Be capable of interpreting project and task requirements and selecting appropriate methodologies to fulfill them
- Experience implementing application security frameworks such as SAMM or BSIMM
- Knowledge of common web app and web services vulnerabilities (OWASP Top 10)
- Experience with vulnerability scanning, penetration testing and risk assessments
- Relevant professional certifications from industry organizations such as GIAC, ISC2, ISACA desired
- Flexibility and interpersonal skills coupled with IT security background strongly preferred
- Experience implementing and working with defect trackers such as ThreadFix, Defect Dojo desired
Established in 2000, Atrilogy Solutions Group, Inc. provides organizations of all sizes with high-quality, cost effective information technology (IT) and business process consulting & staffing services. Our industry-leading service model combines experienced project managers with seasoned technical and functional consultants to eliminate client uncertainty and deliver superior value and results.
Clients turn to Atrilogy for expertise in:
- IT staffing and placement (Project Managers, Agile/Scrum Masters, Business Analysts, DBA’s, Software Engineers, Mobile Developers (iOS, Android), DevOps, Automation, QA, Systems & Network Engineers, Cyber Security / Information Security Specialists)
- All major ERP & CRM packages (including Oracle, Workday, PeopleSoft, JD Edwards, Lawson, SAP, Dynamics AX, Salesforce, Microsoft CRM, NetSuite)
- Business Intelligence, Data Warehousing, and Big Data Integration
- Creative (Interactive Project Manager/Art Director, Information Architect, UI/UX Designer, Web/Graphic Design)
Atrilogy has been recognized by Inc. magazine as one of the nation’s fastest-growing, privately-held companies. Headquartered in Irvine, California, Atrilogy also has offices in Denver, Phoenix, Atlanta, and Dallas with satellite offices in Boston, Jersey City, Las Vegas, Seattle, and Delhi, India.
Atrilogy Solutions Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, protected veteran status, or any other basis protected by applicable law, and will not be discriminated against on the basis of disability.