Lawrence Harvey has partnered with a San Francisco Bay Area Financial Services firm as they expand their security team in the U.
S.. This role plays a key part in shaping and advancing the application security program, working closely with development teams to integrate security into the software development lifecycle (SDLC) and manage vulnerabilities.
Key Responsibilities :
- Lead Application Security Program : Oversee and enhance the application security program, ensuring alignment with global security strategies and compliance with regulatory standards.
- Secure Software Development : Collaborate with development teams to embed security practices into the SDLC, including secure coding, threat modeling, and conducting code reviews.
- Vulnerability Management : Manage the identification, assessment, and remediation of application vulnerabilities through tools such as vulnerability scanning and penetration testing.
- Security Tooling & Automation : Implement and integrate security tools and automation to streamline testing, monitoring, and secure code analysis processes.
- Cross-Functional Collaboration & Training : Work with cross-functional teams to ensure security is prioritized in all projects, and lead training initiatives to raise awareness of application security among stakeholders.
Qualifications :
- Minimum of 5 years of experience in cybersecurity, secure software development, or a related area, ideally all within application security
- Bachelor’s degree in Computer Science, Information Security, or a related field
- Strong understanding of application security principles, frameworks, and standards, including OWASP, SANS, and NIST.
- Experience establishing secure coding practices, code review methodologies, and vulnerability management tools.
- Excellent problem-solving and analytical skills, with a focus on identifying and mitigating security risks.
- Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams.
Preferred Qualifications :
- Experience working in a DevOps environment
- Knowledge of cloud security, particularly in AWS, Azure, or GCP environments.
- Familiarity with financial technology (fintech) regulations and standards.
9 days ago