Application and Product Security Manager
As the Application & Product Security Manager at Vertafore, you will provide expert technical advice for secure solutions during the design, development, selection, and vulnerability testing of applications that supporting Vertafore’s product offerings as well as applications used by the company. You will be involved in the securing of current applications and help shape the security of new and innovative products.
Role Impact:
·Review upcoming application security issues and trends, and develop recommendations for addressing such issues.
·Collaborate with various departments, consultants and other leaders to address security risks and offer risk mitigation recommendations to address product application vulnerabilities. Includes facilitating threat modeling and providing advice for security plans for new systems / applications.
·Facilitate threat modeling, application security code reviews, penetration testing, and vulnerability testing with development teams, and work with them and Product Management to resolve significant security exposures.
·Perform technical security testing of business applications and the enterprise network infrastructure.
·Develop and update security training for project consultants, developers, QA testers and product implementation teams.
·Draft security standards and guidelines. Including acceptance criteria for new information systems, upgrades, and new versions as well as suitable tests of the system(s) carried out during development and prior to acceptance.
QUALIFICATIONS
• 5 years previous experience in application security required.
• 2 years experience in software development required.
• Secure code review experience with Fortify, Veracode, and Burp preferred.
• Familiarity with Secure SDLC practices required.
• Familiarity with iOS and Android software development preferred.
• Experience with designing secure host, database, and application solutions for multi-tier systems.
• Experience with developing software on and MS .Net platforms.
• Experience with agile system development practices.
• Experience with implementation and administration of security assessment tools.
• High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment and maturity.
• Excellent communication and interpersonal skills.