Senior Director of Application Security

Sorry, this job was removed at 11:44 a.m. (MST) on Wednesday, September 7, 2022

Overview
Are you a passionate innovator looking to harness the power of technology to do more good? You've come to the right place. At Bonterra, our purpose is to power those who power social impact. To that end, we serve the people who make social good possible: the doers behind the scenes across nonprofits, public agencies, corporations, philanthropic organizations, and foundations.
As the second-largest and fastest-growing social good software company in the world, Bonterra brings together leading solutions from CyberGrants, EveryAction, Network for Good, Social Solutions, and their respective entities. By bringing our intuitive technology and expertise together, Bonterra will enable unprecedented connectivity between social good organizations and their community of supporters and constituents. This will reshape philanthropic giving, empower digital transformation, and bring the social good sector the technology it needs to accelerate lasting social change.
We are currently operating as a remote workforce and have equipped our teams with the technology to stay connected to each other and our customers.
Responsibilities & Requirements
Do you love to stay up to date on the latest application security attacks, trends, and news? Do you love to try and poke holes in applications? Are you the type that tries to see if you can put a SCRIPT tag in a first name field? Are you detail oriented, passionate, and committed to continual development? If so, read ahead!
What You'll Do:

  • Report directly to the CISO while heading up Application Security to champion a comprehensive application security program founded on the same engineering principles as our R&D counterparts including secure development throughout the CI/CD pipeline. This program will span public cloud, data center, and corporate infrastructure security, and it will have clear security priorities defined to articulate and maximize value.
  • Utilize excellent communication and interpersonal skills to develop strong and productive partnerships with our key stakeholders, especially R&D, Product, M&A, and IT, enabling the InfoSec teams to regularly leverage these partnerships to address critical and systemic Application risks as well as evangelizing and driving application security inside the company.
  • Scale our Application security programs through automation, software, tools, training, and initiatives vs being mostly dependent on scaling horizontally through large headcount asks.
  • Review and confirm risk and impact of application vulnerability findings from a variety of sources like SAST, DAST, IAST, SCA, pen test reports, and bug bounty program submissions.
  • Perform activities such as: threat modeling, application security reviews, third-party integration reviews, source code level assessments, security testing, open and internal sourced component lifecycle management, and vulnerability triage across various applications.
  • Become an expert at leveraging quantitative data and meaningful metrics to guide program decisions, educate stakeholders, measure program operations, and overall application health.
  • Run centralized tracking and remediation of Application vulnerabilities including prioritization, scheduling, management, and metrics reporting. Work collaboratively and proactively with R&D, Product, & Operations teams and drive issue resolution.
  • Identify recurring classes of security problems, find the root cause, and develop generalized and creative solutions to reduce the occurrence of application vulnerabilities at scale.


Who You Are:

  • 3-5 years' experience in application security and/or software development roles with 1-3 years in a position of responsibility (team lead, etc.) including experience designing and building software-based solutions at scale using at least one popular programming language (C#, Java, Python, Ruby, etc.)
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • You demonstrate excellent and pragmatic judgement in prioritizing security efforts to mitigate appropriate risks.
  • Strong knowledge of secure design practices such as threat modeling and common software vulnerabilities such as CWE Top 25 and OWASP Top 10, and using that knowledge to identify security issues through code review, static/dynamic analysis, and common security tools.


What sets you apart:

  • Experience with and knowledge of securing cloud services such as those built on AWS and/or Azure
  • M&A (Mergers and Acquisitions) Product Security experience is a plus.
  • You have a strong application security background with a focus on scalable approaches to product security.
  • Experience with information security frameworks & controls. Knowledge of NIST, ISO, SOC 2, PCI, and/or CIS Controls.


About Us
Our Culture:
Our team is made up of industry experts and advocates who are 100% committed to supporting the doers of social good. We are currently undergoing an effort to create the vision and values that embody our collective organization and embrace the individuals who make up our community.
Some of our comprehensive and competitive benefits include:

  • Generous PTO policy
  • Equity for ALL regular, full-time employees from individual contributors to management - share in our success!
  • Up to 15 paid company holidays including some commemorating social justice events and self-care
  • Paid volunteer time
  • Resources for savings and investments
  • Paid parental leave
  • Health, vision, dental, and life insurance with additional access to health and wellness programs.
  • Opportunities to learn, develop, network, and connect
  • When we can: company-sponsored events and swag!!



Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • C# (Languages)
    • Javascript (Languages)
    • PHP (Languages)
    • React (Libraries)
    • Redux (Libraries)
    • ASP.NET (Frameworks)
    • Node.js (Frameworks)
    • Zend (Frameworks)
    • TrustRadius (Analytics)
    • Asana (Management)
    • Confluence (Management)
    • Smartsheet (Management)
    • Wordpress (CMS)
    • Zapier (CMS)
    • Salesforce (CRM)
    • Drawloop (CRM)
    • Tenfold (CRM)
    • DocuSign (CRM)
    • Outreach (CRM)
    • Marketo (Lead Gen)
    • Bizible (Lead Gen)
    • Tableau (Lead Gen)

Location

Colorado, CO

What are DO NOT USE - Bonterra Perks + Benefits

Culture
Volunteer in local community
Receive up to 8 paid hours per quarter to volunteer with a non-profit organization of your choice.
Partners with nonprofits
Open door policy
Open office floor plan
Flexible work schedule
Bonterra employees are encouraged to work with their manager to establish a schedule that works both for them and for the business.
Remote work program
All employees will work from home until June 1st, 2021. Optional/reservable work from office is available.
Diversity
Dedicated diversity and inclusion staff
Highly diverse management team
Mandated unconscious bias training
Diversity employee resource groups
Hiring practices that promote diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
The Dependent Care FSA allows you to set aside up to $5,000 per plan year to cover expenses such as day care, after-school programs, and more, so you and your spouse can work or go to school.
Disability insurance
Our benefits include short and long-term disability, as well as $50K of coverage provided by the company for employees.
Dental insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Vision insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Health insurance
We pay 100% of medical insurance for employees. Dental and vision is free for employees and family. We offer an HSA match for employees and family.
Life insurance
Our benefits include short and long-term disability, as well as $50K of coverage provided by the company for employees.
Pet insurance
Wellness programs
Our Wise and Well program offers monthly events incorporating physical, intellectual, emotional, financial and social well-being – like chair massages, financial planning workshops, and happy hours.
Mental health benefits
Financial & Retirement
401(K)
We offer a 401K match to help our employees invest in their future retirement.
401(K) matching
Social Solutions' 401(K) retirement plan matches 50% of an employee's contributions up to 3% of their annual base salary.
Performance bonus
Many individual contributor roles at Social Solutions are eligible for an annual performance bonus. Bonuses are based on a percentage of the employee's salary and are paid during performance reviews.
Charitable contribution matching
Child Care & Parental Leave Benefits
Generous parental leave
We recognize the importance of bonding with a new baby, so new parents receive paid time off for both birthing and non-birthing leave.
Family medical leave
Bonterra will provide up to 12 weeks of unpaid, job protected leave to eligible employees for a variety of reasons.
Vacation & Time Off Benefits
Unlimited vacation policy
Paid volunteer time
Bonterra provides each employee with 8 hours of paid volunteer time per quarter. Employees are encouraged to volunteer with an organization of their choice.
Paid holidays
Paid sick days
Bonterra employees are able to take paid sick days as a part of our Flexible PTO policy.
Office Perks
Company-sponsored outings
Bonterra has an annual summer party and a holiday party for all employees and a guest. Past parties have included a casino night, a shrimp boil, and of course eating BBQ.
Company-sponsored happy hours
We work hard and we play hard. Bonterra hosts happy hours once per month either in our office break room or at a local bar.
Onsite office parking
We recognize that Austin isn't known for its public transportation, so we have on-site parking for all employees.
Recreational clubs
Bonterra offers a variety of groups for employees to join that range from sports leagues to breakfast clubs and book clubs.
Home-office stipend for remote employees
Onsite gym
Professional Development Benefits
Job training & conferences
We offer a 2-Day New Hire Orientation, monthly professional development training, a High Potential program that accelerates growth of our top talent, and the LEAD program which is offered to managers.
Tuition reimbursement
Bonterra offers $1,500 per year toward role related graduate and undergraduate programs or $500 per year for continued education courses.
Promote from within
Continuing education stipend
