Application Security Assurance Manager - Cyber Test & Evaluation

Job Purpose

To direct the Application Security Assurance team in integrating robust security measures into client software development processes, ensuring the highest level of application security. The manager plays a pivotal role in helping clients mitigate application-level risks through expert guidance and effective security practices.

Job Responsibilities

Key Focus Areas

Key Activities

Strategy and Leadership

• Oversee the Application Security Assurance (ASA) team, delivering high-quality services to clients.
  
  

Develop strategies for application security testing, code reviews, and security best practices implementation.

Technical Expertise

• Provide technical leadership and mentorship to the ASA team, promoting skill development and knowledge sharing.
• Lead the assessment of client applications for vulnerabilities and provide recommendations for remediation.
• Collaborate with client development teams to integrate security into the software development lifecycle.
• Drive the adoption of secure coding practices and application security tools among clients.
• Operate as a Senior Consultant in application security matters, and provide specialized input to VAPT, TSD, or CSA engagements when their expertise is called upon.
• Collaborate distinctively with other units by applying application security expertise to inform VAPT methodologies, enrich TSD scenarios, and support CSA in aligning application security with compliance standards.
  
  

Actively contribute to the development of tools and infrastructure, bringing in application security insights to enhance overall functionality and security.

Client Engagement

• Manage client relationships, ensuring alignment of services with client needs and expectations.
• Guide clients in integrating effective security measures in their DevOps environment, aligning with industry standards and best practices.
• Foster strong client relationships, ensuring clear communication and understanding of their specific security needs and challenges.
  
  

Prepare detailed reports and presentations for clients, highlighting findings, implications, and actionable recommendations.

Business Development

• Guide the team in formulating detailed and persuasive proposals for application security services, emphasizing the importance of security in the software development lifecycle.
• Actively engage in client meetings and industry events to promote ASA services, demonstrating how they contribute to the robustness and security of client applications.
• Collaborate with the marketing department to develop case studies and whitepapers that highlight the successes and methodologies of the ASA team.
  
  

Identify and pursue cross-selling opportunities within existing client engagements, expanding the scope of services to include comprehensive application security solutions.

AOR (Any Other Responsibilities)

To perform any other duties and responsibilities as assigned by the Director, adapting to evolving business needs and contributing to the strategic objectives.

Job Specifications

Skills/Certifications (Technical & Non-Technical)

• Proven experience in leading and managing large-scale engagements.
• Extensive experience in application security, ideally in a consulting or advisory role.
• Strong knowledge of secure coding practices, application security frameworks, and vulnerability assessment tools.
• Experience in working with Agile and DevOps environments.
• Strong written and verbal communication skills, including the ability to explain technical concepts to non-technical audiences.
• Experience leading and managing teams.
• Strong project management skills, including the ability to manage timelines and deliverables.
• Industry certifications such as GIAC Web Application Penetration Tester (GWAPT), Certified Secure Software Lifecycle Professional (CSSLP), Offensive Security Web Expert (OSWE), Certified Information Systems Security Professional (CISSP), and Offensive Security Certified Professional (OSCP) is highly desirable.
  
  

Minimum Work Experience

11+ years of experience in application development, security and assurance.

Education

Bachelor's degree in Computer Science, Cybersecurity, or related field.