Manager, Secure SDLC (J00135415)
We are seeking a highly motivated and experienced Manager of Application Security Services to join our Security Engineering team. This team works closely with the Security teams to identify, design, build, and improve application security processes and tools to continuously improve security. Your subject matter experience, business acumen, and ability to influence stakeholders across the product and engineering teams will make you successful.
You should have strong problem-solving skills, excellent communication skills, an understanding of modern Internet threats, and the ability to influence people from customers to managers by creating win-win solutions. You should be open to new challenges, extremely good at multitasking, innovative, creative, self-directed and a great team player. You will drive continuous process improvement, and collaborate effectively with aggressive cross-functional business and software development teams to solve problems and implement new solutions. You must be able to work with multiple engineering teams to manage the execution of Product Security Reviews.
What you’ll do:
- Establish Secure Systems Development Life Cycle (SDLC) practices including threat modeling and security testing
- Perform security reviews for new products, technologies and services.
- Collaborate with security engineers to define and document secure development practices and requirements to enable secure product development
- Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure solution.
- Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
- Lead internal security projects, including the development and implementation of internal tools with end-to-end ownership
- Security training and outreach to internal development teams
- Collaborate with security experts to develop robust security guidance documentation
- Identify opportunities for development of security assurance tools, automation and manage development efforts
- Security metrics delivery and improvements
What you’ll need:
- Bachelor degree in Computer Science, Engineering or related fields
- Minimum of 5 years of professional experience in managing technical programs or projects including architecture, design, or implementation
- 2+ yrs of experience with any cloud service offerings (Google, AWS , Azure) and related security controls
- 3+ yrs of experience with and a strong foundational understanding of secure software engineering principles, distributed architectures
What will set you apart:
- Ability to communicate deep technical issues in terms of business risk with non-experts and senior leaders
- Ability to lead through influence within a secure development life-cycle for multiple products and technologies, meeting customer expectations for security
- Experience implementing security solutions that resolve security and business risk trade-offs
- Experience working with stakeholders across many functions
- Familiar with the implementation of enterprise’s SDLC process, have work experience in building secure SDLC for IT companies
- Familiar with black box testing methods and paths, able to independently complete source code auditing work, have hands-on experience in security design checklist;
- Familiar with at least one programming language such as Java, Python, PHP, go, C, etc., and proficient in reading design documents and related codes
We offer comprehensive compensation and healthcare packages, 401k matching, paid time off, and organizational growth potential through our online learning platform with guided career tracks.
If this sounds like somewhere you want to work, don’t delay, apply today – we’re looking for you!
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
To apply for this job please visit careers.equifax.com.