Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
Managing a team of Application Security Analysts, Application security practices and demonstrating the risk mitigation & Business benefits.
Identifying application security vulnerabilities early in the life cycle, different application security testing methodologies and related application security tools.
Expertise in application security risk, cloud architecture, application threat modeling and familiarity with regulatory standards such as PCI-DSS, SoX, GDPR and CCPA.
Build the KPI & KRI which demonstrate the value proposition of SSDLC program.
As the security is always the responsibility of everyone, this role is required to have a regular communication and collaboration with various stakeholders such as Business, Technology Leaders, Application development team, Risk Management and vendor partners.
Create a vision, strategy, and processes for a comprehensive SSDLC program.
Collaboratively work with application engineering / architect / development / product teams and promote the SSDLC program.
Inculcate the culture of Secure Coding by driving the opportunity metrics.
Explore & build automation to provide real-time visibility for developers to build secure code.
Ensure proper training and support is extended.
Manage and mentor a team of Application Security Analyst.
Coordinate leadership team and manage weekly / biweekly & monthly meetings.
Build & deliver threat modeling practices to early identify threat and security controls to incorporate as part of the design.
Liaison with various stakeholders Engineering, Application Development, Architecture, Procurement Services and GRC.
Manage new projects and initiatives related to application security as needs arise.
Maintains security risk register, track for closure on time as per the vulnerability management policy.
What we’re looking for...
You’ll need to have:
Bachelor’s degree or four or more years of work experience inComputer Science/Information Systems or an equivalent combination of education and work experience.
Six or more yearsofexperience in Application Security, SSDLC, DevSecOps.
Six or more yearsof experience in IT Security domain.
Experience inTechnology Risk Management, Automation are preferred.
Experience with standards and compliance such as PCI, SoX, GDPR, CCPA, OWASP, SANS are preferred.
Even better if you have:
Certification such as CEH, OSCP, CSSLP, CCSP.
Experience in implementing and driving application security programs in large scale.
Experience with various security tools across the SDLC lifecycle.
Experience in securing API & Micro services, Containers.