Director, Application Security

Sorry, this job was removed at 9:55 a.m. (MST) on Monday, April 29, 2024
Find out who’s hiring remotely
See all Remote jobs
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.
Summary
Do you love to stay up to date on the latest application security attacks, trends, and news? Do you love to try and poke holes in applications? Are you the type that tries to see if you can put a SCRIPT tag in a first name field? Are you detail oriented, passionate, and committed to continual development? If so, read ahead!
What You'll Do

  • Report directly to the CISO while heading up Application Security to champion a comprehensive application security program founded on the same engineering principles as our R&D counterparts including secure development throughout the CI/CD pipeline.
  • This role will own Application Security across all of Bonterra, and will span public cloud, data center, and hosting infrastructure security.
  • Work with the CISO to strategically develop a program to manage security across all the SaaS applications sold by Bonterra. Build out a roadmap to address gaps in coverage, staffing, and future requirements as we scale the enterprise.
  • Utilize excellent communication and interpersonal skills to develop strong and productive partnerships with our key stakeholders, especially R&D, Product, M&A, and IT, enabling the InfoSec teams to regularly leverage these partnerships to address critical and systemic Application risks as well as evangelizing and driving application security inside the company.
  • Scale our Application security programs through automation, software, tools, training, and initiatives vs being mostly dependent on scaling horizontally through large headcount asks.
  • Review and confirm risk and impact of application vulnerability findings from a variety of sources like SAST, DAST, IAST, SCA, pentest reports, and bug bounty program submissions.
  • Perform activities such as: threat modeling, application security reviews, third-party integration reviews, source code level assessments, security testing, open and internal sourced component lifecycle management, and vulnerability triage across various applications.
  • Become an expert at leveraging quantitative data and meaningful metrics to guide program decisions, educate stakeholders, measure program operations, and overall application health.
  • Run centralized tracking and remediation of Application vulnerabilities including prioritization, scheduling, management, and metrics reporting. Work collaboratively and proactively with R&D, Product, & Operations teams and drive issue resolution.
  • Identify recurring classes of security problems, find the root cause, and develop generalized and creative solutions to reduce the occurrence of application vulnerabilities at scale.


Requirements:

  • 5-7 years experience in software development roles with 2-3 years in a position of responsibility (team lead, etc) including experience designing and building software-based solutions at scale using at least one popular programming language C#, Java, Python, Ruby, etc.)
  • An additional 5-7 years of experience in Application security with an emphasis on secure software development, code analysis, and application vulnerability management
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • You demonstrate excellent and pragmatic judgement in prioritizing security efforts to mitigate the appropriate risks.
  • Strong knowledge of secure design practices such as threat modeling and common software vulnerabilities such as CWE Top 25 and OWASP top 10, and using that knowledge to identify security issues through code review, static/dynamic analysis, and common security tools.


What sets you apart:

  • Experience with and knowledge of securing cloud services such as those built on AWS and/or Azure
  • M&A (Mergers and Acquisitions) Product Security experience is a plus.
  • You have a strong application security background with a focus on scalable approaches to product security.
  • Experience with information security frameworks & controls. Knowledge of NIST, ISO, SOC 2, PCI, and/or CIS Controls.


Compensation
The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and in addition to benefits this role may be eligible for discretionary bonuses/incentives, and equity.
US base salary range: $170,000 - $180,000
Please note that the compensation range specified in this job posting is applicable to candidates based in the United States. For international applicants, actual salary offers may vary based on the local market compensation standards and will be determined in accordance with regional considerations, including but not limited to applicable laws, cost of living, and industry norms.
Our Culture:
Our team is made up of industry experts and advocates who are 100% committed to supporting the doers of social good. We are currently undergoing an effort to create the vision and values that embody our collective organization and embrace the individuals who make up our community.
Our comprehensive and competitive benefits include:

  • Generous Flexible Time Off (FTO) Policy
  • Equity for ALL regular, full-time employees from individual contributors to management - share in our success!
  • Up to 15 paid company holidays including some commemorating social justice events and self-care
  • Paid volunteer time
  • Resources for savings and investments
  • Paid parental leave
  • Paid sick leave
  • Health, vision, dental, and life insurance with additional access to health and wellness programs.
  • Opportunities to learn, develop, network, and connect


We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.

Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • C#Languages
    • JavascriptLanguages
    • PHPLanguages
    • ReactLibraries
    • ReduxLibraries
    • ASP.NETFrameworks
    • Node.jsFrameworks
    • ZendFrameworks
    • TrustRadiusAnalytics
    • AsanaManagement
    • ConfluenceManagement
    • SmartsheetManagement
    • WordpressCMS
    • ZapierCMS
    • SalesforceCRM
    • DrawloopCRM
    • TenfoldCRM
    • DocuSignCRM
    • OutreachCRM
    • MarketoLead Gen
    • BizibleLead Gen
    • TableauLead Gen

Location

Colorado, CO

What are DO NOT USE - Bonterra Perks + Benefits

Culture
Volunteer in local community
Receive up to 8 paid hours per quarter to volunteer with a non-profit organization of your choice.
Partners with nonprofits
Open door policy
Open office floor plan
Flexible work schedule
Bonterra employees are encouraged to work with their manager to establish a schedule that works both for them and for the business.
Remote work program
All employees will work from home will be until June 1st, 2021. Optional/reservable work from office is available.
Diversity
Dedicated diversity and inclusion staff
Highly diverse management team
Mandated unconscious bias training
Diversity employee resource groups
Hiring practices that promote diversity
Health Insurance + Wellness
Flexible Spending Account (FSA)
The Dependent Care FSA allows you to set aside up to $5,000 per plan year to cover expenses such as day care, after-school programs, and mroe so you and your spouse can work or go to school.
Disability insurance
Our benefits include short and long-term disability, as well as $50K of coverage provided by the company for employees.
Dental insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Vision insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Health insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Life insurance
Our benefits include short and long-term disability, as well as $50K of coverage provided by the company for employees.
Pet insurance
Wellness programs
Our Wise and Well program offers monthly events incorporating physical, intellectual, emotion, financial and social well-being – like chair massages, financial planning workshops, and happy hours.
Mental health benefits
Financial & Retirement
401(K)
We offer a 401K match to help our employees invest in their future retirement.
401(K) matching
Social Solutions' 401(K) retirement plan matches 50% of an employee's contributions up to 3% of their annual base salary.
Performance bonus
Many individual contributor roles at Social Solutions are eligible for an annual performance bonus. Bonuses are based on a percentage of the employee's salary and are paid during performance reviews.
Charitable contribution matching
Child Care & Parental Leave
Generous parental leave
We recognize the importance of bonding with a new baby, so new parents receive paid off for both birthing and non-birthing leave.
Family medical leave
Bonterra will provide up to 12 weeks of unpaid, job protected leave to eligible employees for a variety of reasons.
Vacation + Time Off
Unlimited vacation policy
Paid volunteer time
Bonterra provides each employee with 8 hours of paid volunteer time per quarter. Employees are encouraged to volunteer with an organization of their choice.
Paid holidays
Paid sick days
Bonterra employees are able to take paid sick days as a part of our Flexible PTO policy.
Office Perks
Company-sponsored outings
Bonterra has an annual summer party and a holiday party for all employees and a guest. Past parties have included a casino night, a shrimp boil, and of course eating BBQ.
Company-sponsored happy hours
We work hard and we play hard. Bonterra hosts happy hours once per month either in our office break room or at a local bar.
Onsite office parking
We recognize that Austin isn't known for it's public transportation, so we have on-site parking for all employees.
Recreational clubs
Bonterra offers a variety of groups for employees to join that range from sports leagues to breakfast clubs and book clubs.
Home-office stipend for remote employees
Onsite gym
Professional Development
Job training & conferences
We offer a 2-Day New Hire Orientation, monthly professional development training, a High Potential program that accelerates growth of our top talent, and the LEAD program which is offered to managers.
Tuition reimbursement
Bonterra offers $1,500 per year toward role related graduate and undergraduate programs or $500 per year for continued education courses.
Promote from within
Continuing education stipend

More Jobs at DO NOT USE - Bonterra

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about DO NOT USE - BonterraFind similar jobs like this