Application Security Manager

About Foundever

Foundever is a global leader in the customer experience (CX) industry. With 150,000 associates across the globe, we’re the team behind the best experiences for +800 of the world’s leading and digital-first brands. Our innovative CX solutions, technology and expertise are designed to support operational needs for our clients and deliver a seamless experience to customers in the moments that matter.

Supporting +9 million customer conversations every day in +60 languages across 45 countries, Foundever combines global strength and scale with the agile, entrepreneurial approach of our founder-led culture, enabling companies of all sizes and industries to transform their CX.

• Winner of Comparably’s Award for Best Global Culture in2024, 2023, 2022 and 2021
• Gold Stevie Award Winner for Great Employersin 2024 and 2022
• We foster an exciting culture of creativity, connection, and commitment

Reporting into the Global Security organization, the global manager of Application Security Engineering will be responsible for the architecture and engineering aspects of embedding security into the day-to-day activities of the software engineering teams in collaboration with the regional technology, developers, QA, legal, sales and operations to ensure the systems developed are in compliance with applicable security policies, regulations and industry standards.

The position will be tasked with identifying and reporting on vulnerabilities in applications developed internally and their supporting infrastructure, and researching threats and attack vectors that impact web, enterprise and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of the products and systems, the position will also assist the Product Engineering and IT teams in the remediation efforts and the creation of the appropriate processes to reduce the number of vulnerabilities early on the development phases. This position will also work as POC for any security engineering related item for the region where is located.

• Demonstrated skills in the area of Cyber Security and associated compliance regulations and industry standards, which include, but are not limited to: SSAE18, PCI-DSS, ITIL, ISO 27001, COBIT, NIST 800-53.
• Conduct reviews of existing application code and implementations, and recommend industry best practices in the area, as well ashaving the capability to analyze multiple instances of vulnerability patterns that can be traced to a single root cause to eliminate existing risks through the development of policies and processes.
• Support application security initiatives to ensure the software applications do not pose information risk to the company, developing and updating security patterns aligned with security requirements
• Support AI initiatives, ensuring the security implementation of the technology
• Partner with teams and deliver security risk assessments, manual/automated/external penetration testing, automate security testing, threat modeling, and education on secure coding.
• Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.
• Create functional and non-functional security requirements, including delivering secure cloud services that strike a balance of product usability.
• Project management skills that organize, drive, and execute initiatives.
• Demonstrated collaboration with all global technology functions to ensure that the ongoing education, awareness, and execution aligns with the Security Engineering Roadmap.
• Demonstrated ability to drive security conversations based upon factual data.
• Demonstrated experience working in a complex global environment and being a security change agent in order to drive improved security controls and operations.
• Disaster Recovery strategy – partner with technology to design, implement, and operate regional disaster recovery models and plans for applications.
• Work closely with the Global Director of Security Engineering on the development of functional goals and objectives.
• Be seen as a functional leader and resource within the company and security technical lead for the region.
• Support other areas in global security, including investigations, risk assessments,and new projects as required.
• Support the approval process for requirements from internal and external clients.

Business Travel Required: Minimal travel required, up to 10%.

• Four-year computer science, engineering, business degree or related degree, and/or equivalent field experience
• A second language would be an advantage
• Minimum of 5-10+ years of increasingly diverse or complex experience in the field of Cyber Security within a global environment.
• 3+ years of professional development or application security experience
• Excellent communication, analytical, and writing skills with the ability to participate in and lead team-based projects.
• Prior call center experience is highly advantageous given the specialized security environment that will be managed.
• Experience working in an ITIL environment.
• Must work well in a dynamic team that is geographically dispersed.
• Ingenuity, creativity, motivation, and self self-starter attitude required.
• People management skills and proven experience leading diverse teams both on and offshore.

• Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
• Evaluate, deploy and manage applications security tools (DAST, SAST, IAST, RASP, WAF, etc) and build strong vendor relationships.
• Previous application security testing or incident response experience, including documenting vulnerabilities, findings or incidents.
• Provides input in the development of operating and capital budgets.
• Understanding of ISO27001 processes and practices.
• Personnel Skills (1-2-1, review, interview, appraisals, disciplinary skills).
• Able to work in a highly dynamic environment.
• Ability to create business strategies and business cases.
• Understanding of financial drivers and strong P&L experience.
• Excellent verbal and written skills and able to communicate effectively with internal and external clients whilst maintaining enthusiasm, sound judgment and common sense.
• Able to thrive in an environment undergoing rapid technological and business change.
• Full customer service focus.
• A confident, positive attitude.
• Administration and organization.
• Special Certifications: CISSP (Must be obtained within 2 years of being in role)

• Competitive salaries, benefits.
• Fully remote position.
• Growth opportunities through various development programs.
• Employee discounts.
• Excellent work culture.

#LI-TS1#LI-Remote