Application Security Manager #5-7-139

Job Location:

• The office for this position is located at the Harry S Truman State Office Building, 301 W High Street, Jefferson City, MO. 65101.

Why you’ll love this position:

The Information Technology Services Division is responsible for the life cycle planning of business applications through the phases of strategize, architect, select, deploy, operate, evolve, and retire. Some of our application delivery work is managed as products, regardless of whether the customer is internal or external. The Applications Security Manager reports to the Chief of Business Systems Development and partners with Application Development teams, the ITSD Office of Cyber Security, and other ITSD functional areas and business partners to assess and continually improve our application security posture and secure coding processes across the enterprise.

This position is with the Office of Administration, Information Technology Services Division (OA-ITSD) supporting Business Systems Development (BSD).

ITSD Core Values - We Innovate and Partner with Passion, Respect, and Integrity United as #OneTeam.

• Provides Application Security Testing Oversight.
• Ensures development teams are scanning required applications at a minimum.
• Develops and implements strategies that increase code scan coverage.
• Conducts Veracode (or current security testing vendor) meetings with appropriate security leads.
• Oversees Vulnerability remediation and ensures accountability for risk reduction.
• Leads Vulnerability mitigation oversight.
• Leverages features available with application security testing tools across application development.
• Ensures security leads are actively participating in consultation and readout calls.
• Recommends application security testing policy updates and develops associated metrics.
• Presents key metrics and trends related to secure coding to business systems development leadership.
• Serves as the Primary Business Systems Development Liaison to the Office of Cyber Security (OCS)
• Works with OCS to ensure applications are behind the Web Access Firewall (WAF) and in active blocking mode.
• Works with OCS to define Penetration Testing Campaign Scope.
• Works with OCS to manage Penetration Testing results and necessary remediations.
• Works with teams across Business Systems Development to remediate findings produced by OCS discovery tools like Tenable, where it relates to application development.
• Responsible for establishing and curating application development standards and the review process associated with the upkeep of the standards.
• Develops and oversees processes to ensure accountability to meeting application development standards.
• Indirectly supervises, mentors, and provides direction to security leads on each application development team to help them understand and improve their team’s application security posture.
• Oversees source code repository strategy.
• Builds and subsequently supervises a team of technical professionals supporting application development security initiatives.
• Partners with teams across all functional areas to vet new or audit existing system designs/architecture acquisitions related to application security and development.

A minimum of a Bachelor's degree related to Computer Information Systems and 12-15 or more years of multi-functional IT experience. Substitutions may be allowed.

A successful candidate must be able to demonstrate:

• An understanding of the complexities and challenges of connecting and securing very large applications across multiple platforms.
• Insights into performance and security best practices.
• Knowledge related to developing and maintaining the infrastructure and architecture of applications using a mixture of tools and languages.
• Strong technical and troubleshooting skills.
• Excellent customer service and interpersonal skills.
• Effective communication skills, both verbal and written.
• The ability to work under pressure and meet tight timelines.
• Supervisory skills are preferred.
• The ability to prioritize tasks in an effective and efficient manner.
• Successful background check results are required for employment in this position. This may include background checks involving a candidate’s name and/or fingerprints and other screenings as needed for the specific position.

Lack of post-secondary education will not be used as the sole basis denying consideration to any applicant.

In addition to those identified in the previous levels: Skill in communicating with technical experts, clients, vendors, and staff. Ability to mentor and promote skill development of staff.

The classification for this position is Applications Development Manager; click for more information.

The State of Missouri offers an excellent benefits package that includes a defined pension plan, generous amounts of leave and holiday time, and eligibility for health insurance coverage. Your total compensation is more than the dollars you receive in your paycheck. To help demonstrate the value of working for the State of Missouri, we have created an interactive Total Compensation Calculator. This tool provides a comprehensive view of benefits and more that are offered to prospective employees. The Total Compensation Calculator and other applicant resources can be found here.

If you have questions please contact:ITSDRecruiting@oa.mo.gov