Director of Application Security

Capital Group
United States, New York, New York
February 19, 2023
"I can succeed as Application Security Director at Capital Group."

We are looking for collaborative, curious, and passionate people to join our Application Security team. The team will need to build enduring processes with innovative technology. We seek to improve the safety of customer data, provide innovative, yet seamless security services to the company, contribute to the community, and create long lasting relationships.

As Application Security Director you will drive strategy around application security products and patterns that integrate with CG's Software Development Life Cycle (SDLC) and improve the organization's risk posture. As part of this role, you will head our application security engineering team, leading a team of highly skilled application security engineers whose principal mission is to assess and oversee the application security posture of Capital Group's production services and code. You will work closely with our development teams and with senior managers and directors in our application development, technology architecture, and Global Risk Management groups to coordinate efforts, plan strategies, and align resources. You will be responsible for defining application security tooling and platform requirements and for helping us scale from the traditional application security model of finding vulnerabilities manually to a fully automated and autonomous system. You will be able to take advantage of this unique opportunity to make a real positive impact on our security posture, lead the strategic direction and evolution of our appsec team, and help us improve the security designs of our next generation of systems and services.

Along with leading the team, you will be responsible for analyzing information security systems, applications, and application development processes and finding vulnerabilities and areas for improvement. You will also recommend and develop security measures to protect information against unauthorized modification or loss and coordinate with development teams or third parties to fix system/application vulnerabilities or deficiencies. You and your team will review not only technical implementations but also designs, architectures, processes, and operational procedures.

Your responsibilities will include:
  • Organize and align engineering teams to drive product roadmaps by providing application security requirements that map security controls and patterns to product features.
  • Lead, manage, recruit, and develop our geographically distributed application security team. Mentor and teach junior engineers.
  • Manage a team that designs, builds, and deploys SDLC automation services to scale the identification, prioritization and remediation of security findings and bugs across all company apps and microservices.
  • Work with product teams throughout the company to provide security guidance to application and service owners to remediate known appsec vulnerabilities.
  • Develop, implement, and continuously update threat models for Capital Group's applications, architectures, and systems.
  • Use threat modeling, vulnerability scanning, code testing, and industry best practices to reduce and eliminate attack vectors and vulnerabilities in our applications, processes, and systems prior to deployment to production.
  • Continuously streamline the security testing process from beginning to end.
  • Act on escalated issues, also providing recommendations when issues need to be further escalated.
  • Partner with other engineering teams to improve SDLC processes and deliverables.
  • Be a subject matter expert and ambassador to engineering leads, lead developers, and senior managers for secure coding practices and all aspects of application security.
  • Assist in the development and integration of security automation and DevSecOps.
  • Bring new ideas (testing methodologies, automation processes, engagement processes, monitoring/tracking systems, testing tools).
  • Update and improve existing SDLC policies and procedures.
  • Manage time and priorities for the team by prioritizing, directing effectively and focusing on optimal allocation of team resources.
  • Create quality written work products and engineering artifacts for both technical engineering and non-technical consumers.
  • Navigate successfully through ambiguous situations, helping others remain focused on achieving results.
  • Develop new security solutions, tools, practices, and procedures to proactively improve and implement secure development practices throughout the software development lifecycle.


Skills and qualifications:
  • Prior experience leading application security teams and programs.
  • Prior experience leading teams over multiple locations.
  • Experience with securing Continuous Integration and Continuous Deployment pipelines.
  • Deep understanding of secure development technologies, processes, and methodologies and cloud deployment strategies and architectures.
  • Comprehensive knowledge, experience, and understanding of testing for the OWASP Top 10 and the CWE Top 25, including PoCs, automating attacks, and secure code remediation.
  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Experience with Agile scrum, backlog refinement and prioritization with at least one of the common frameworks.
  • Demonstrated ability to evaluate, deploy, and manage application security tools (e.g. DAST, SAST, IAST, RASP, WAF) and build strong vendor relationships.
  • Familiarity with deployment of application architectures within AWS and Azure public cloud providers.
  • Have a formal knowledge of typical application security attack vectors, exploits and mitigations, and be able to translate and classify pen-test and assessment findings into actionable application security bugs for engineering.
  • Strong fundamentals of systems and software architecture, including:
    • Secure design and threat modeling
    • API security
    • Release and supply chain integrity
    • Programming and scripting experience
    • Application, network, or hardware penetration testing experience
    • Aptitude for doing threat models on complex systems


"I am the person Capital Group is looking for."
  • You have a Bachelor's degree or higher in Computer Science, Information Technology, Information Security, Software Engineering, or other technical area
  • You have 8-10+ years of experience in application security and development, preferably in the financial sector, including 4+ years of management experience
  • You have 7+ years of experience in application development, application security, computer systems, software development, programming, or platform development
  • You listen for nuances, dig into details to understand systems deeply, and articulate technical details and risks to business leaders.
  • You can empower others to make security decisions
  • You understand and can negotiate tradeoffs between security requirements and usability
  • You communicate technical security requirements and issues clearly, without instilling fear
  • You know when to take a technical challenge on yourself, gain support, and delegate aspects of the work
  • You can problem solve and make complex analytical decisions with less than full information in ambiguous situations and environments
  • You are self-directed, very proactive, and adept at multitasking
  • You have a personal passion for security and cutting-edge security concepts.


Preferred Qualifications:
  • Master's degree in a relevant field
  • 12+ years of experience in application development, application security, computer systems, software development, programming, or platform development
  • CCSP, CISM, CISSP certification
  • Familiarity with industry standards and regulations such as ISO 27001/2, FFIEC CAT, NIST CSF.
  • Experience writing in one or more of the following programming languages: C/C++, Java, Ruby, Python, and JavaScript.


Southern California Base Salary Range: $233,194-$396,430

San Antonio Base Salary Range: $210,008-$357,014

San Francisco Base Salary Range: $257,135-$437,130

New York Base Salary Range: $247,218-$420,271

In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.

You can learn more about our compensation and benefits here.

We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.