Application Security Manager
The Application Security Manager ensures that Orion’s various applications and cloud platforms adhere to security best practices and validates the confidentiality, integrity, and availability of the data within those environments.
The Application Security Manager will manage the development and implementation of internal application security requirements and provide guidance to technical teams around these developed security requirements.
The Application Security Manager is responsible for the implementation, configuration, and ongoing maintenance of tools and processes which support the application security program.
The Application Security Manager assesses application security vulnerabilities and works with technical teams to remediate any vulnerabilities identified in a timely manner.
Essential Functions of the Job
Develop, manage and maintain the application security program focused on industry best practices.
Perform threat modeling, architecture reviews, and application testing to ensure vulnerabilities are identified and recorded in the vulnerability management program.
Review current security vulnerabilities, document and provide recommended remediation plans.
Generate and maintain metrics with regard to outstanding security vulnerabilities within applications and computing environments.
Assist the Security Governance and Compliance team with policies around secure SDLC and validate its effectiveness. Make recommendations and updates as needed.
Manage and automate dynamic and static code scanning tools to support timely analysis and feedback throughout the SDLC.
Work closely with the DevOps, Platform, AppDev, and InfoSec teams for various security tasks and initiatives.
Manage third-party relationships and continually evaluate new relevant technologies.
Skills Needed to Perform the Job
Working knowledge of threat modeling, OWASP Top 10, and application security testing best practices.
Experience with static and dynamic security analysis tools, and the ability to clearly document findings and provide clear recommendations for remediation.
Knowledge and experience with Agile methodologies such as Scrum.
Experience in AWS and cloud services.
Knowledge of cloud security architecture and infrastructure best practices.
Working knowledge of code repositories, build technologies and CI/CD pipeline process.
Working knowledge of .Net and Java applications.
Strong understanding of YAML.
Knowledge of cybersecurity frameworks: ISO, NIST, SOC2.
Experience with vulnerability scanning tools such as Burp Suite or similar.
Knowledge of web development frameworks.
Strong technical writing skills to articulate security vulnerabilities to technical and nontechnical teams.
Education Needed to Perform the Job
Minimum of a bachelor’s degree in Cybersecurity, Application Development, Cloud Computing, Computer Science preferred.
Two or more industry certifications, or the ability to obtain within 12 months: ISC2, CompTIA, IACRB, EC-Council, GIAC, AWS, Azure.
Obtain Orion Industry Certification.
Experience Needed to Perform the Job
Minimum of 5 years of experience in Application Development, .NET preferred.
Minimum of 3 years of experience with Secure Development, Cloud Security, Application Security, or related field required.
Salary Range: $103, - $162,
The pay listed in this posting indicates the estimated pay at the time of this posting; however, it may vary depending on geographic location, job-related knowledge, skills, and experience.
In addition, Orion offers a competitive benefits package which includes health, dental, vision, and disability coverage on day one, 401(k) plan with employer match, paid parental leave, pet benefits including pawternity leave and pet insurance, student loan repayment and more.