Recruitment Company Name
- DEzen Technology Solutions Pvt Ltd.
Requirements
- 5+ (Relevant)
- Application Security Lead, Application Security, Penetration testing, Vulnerability Assessment
Skills
- Application Security Lead, Application Security, Penetration testing, Vulnerability Assessment
Job Description
· Drive the culture & initiative of secure-by-design in the area of application development
· Lead Appsec function across the entire software development practice
· Manage application security framework improvements
· Integrating security tools, standards, and processes into the product life cycle (PLC) &
software development life cycle
· Ensuring that developers and QA personnel are trained with the appropriate level of
security knowledge to perform their daily activities
· Improving and supporting application security tool deployments including static analysis
and runtime testing tools
· Improving and maintaining secure development standards
· Supporting the incident response and architecture review processes whenever application
security expertise is needed
· Managing penetration testing services, including both expert consulting and managed
services
· Providing manual penetration testing and standards gap analysis services to internal
business and technology partners
· Managing application framework and perimeter security improvement projects
· Supporting Vendor Security activities to ensure 3rd-party software and development
meets security standards
· Integrating threat modeling practices into the product life cycle
· Providing security requirements for test-driven design
· Producing metrics reporting the state of application security programs and performance of
development teams against requirements
· Ensuring the change & release management follows the defined processes & guidelines
for application security
· Developing and managing DevSecOps for assurance of secure code practices across
the organization
Job Requirements
· Successful candidates will be security evangelists who can translate security concepts into
language that is meaningful to many audiences, including business and technical leaders and
individual contributors. Candidates must be able to approach application security from the
perspective of risk management and avoid purely academic thinking about software security.
Demonstrable ability to influence decision-making processes at all levels of a large organization
will be critical to success.
· Candidate must have strong leadership skills and be an effective manager of highly technical
individuals.
· Candidate must have excellent verbal and written communication skills.
· Candidate should be familiar with waterfall and agile development processes and have
experience integrating secure development practices into both models.
· The ideal candidate has experience writing and testing web applications and web services
in the following programming languages: Java and JavaScript. The candidate should have
familiarity with a variety of development and testing tools, including: Eclipse, Git, GCC, JIRA,
Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP/Fortify SCA, IBM AppScan, and HP
WebInspect.
· Candidate must be able to explain all vulnerabilities and weaknesses in the OWASP Top
10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
· Strong exposure to OWASP Top 10, TCv2 & MITRE
· Hands-on experience in threat modeling, SAST, DAST and web application security
· Experience with the API ecosystem and API security
· Experience with cross-platform development (iOS, Android & Web)
· Candidate must have experience in planning multi-year roadmaps
Job Details
- Role: Application Security Lead
- Job Type: Full Time
- Location: Gurgaon (Client Location)
- Offered Salary: 16LPA
- Posted: 2022-02-10
- Experience: 5+ (Relevant)