Application Security Manager (People Leader)

Your opportunity

As the Application Security Manager (PL) in Schwab Cybersecurity Services you will be responsible for developing and overseeing an organization's application security program, ensuring security measures are integrated throughout the software development lifecycle (SDLC), by leading security assessments, identifying vulnerabilities, and working with development teams to mitigate risks and implement security best practices across all applications within the company; essentially acting as the primary guardian of application security within the organization. 

Key Responsibilities:

• Strategy and Policy Development:

• Establish and maintain application security policies, standards, and guidelines aligned with industry best practices. 

• Develop a comprehensive application security strategy to identify and prioritize security risks. 

• Create and implement application security awareness training programs for developers and other stakeholders. 

• Security Assessment and Vulnerability Management:

• Conduct regular security assessments of applications, including SAST scanning,  code reviews, and threat modeling. 

• Identify and prioritize vulnerabilities discovered during security assessments. 

• Work with development teams to remediate vulnerabilities and track remediation progress. 

• SDLC Integration:

• Collaborate with development teams to integrate security practices into the entire software development lifecycle (SDLC). 

• Champion secure coding practices and promote the use of security tools within the development process. 

• Team Leadership and Mentorship:

• Manage and mentor a team of application security engineers. 

• Develop and maintain the technical expertise of the application security team. 

What you have

Required Skills and Qualifications:

• Deep understanding of application security principles, vulnerabilities, and mitigation strategies 
• Expertise in secure coding practices and common web application security threats 
• Experience with security assessment tools and methodologies (e.g., penetration testing, static code analysis) 
• Knowledge of software development lifecycle (SDLC) and Agile methodologies 
• Strong communication and collaboration skills to work effectively with development teams 
• Leadership and ability to influence stakeholders at all levels 
• Relevant security certifications (e.g., CISSP, CISM, CISA, OSCP, OWASP) 

Education:

Bachelor’s degree in computer science preferred