Application Security Manager - Remote

Our CAST (Clark Associates Security Team) is committed to maintaining the highest standards of security and integrity in all our applications and systems. We are seeking a Hands-On Senior Application Security Manager who will lead our application security efforts while actively participating in technical tasks. In this role, you will function as a senior application security engineer who also guides and mentors the team. You will be instrumental in integrating security practices throughout the software development lifecycle (SDLC), securing containerized applications, securing our ecommerce platforms, and enhancing our overall security posture.

Technical Leadership:

• Actively perform security assessments, code reviews, penetration testing, and vulnerability management.
• Develop and implement security measures to protect applications, including those running in containerized
• Stay current with the latest security threats, vulnerabilities, and technologies.

Team Leadership:

• Lead, mentor, and provide technical guidance to a team of application security engineers and analysts.
• Foster a collaborative environment that encourages knowledge sharing and continuous learning.

Program Management:

• Oversee the integration of security practices into all stages of the SDLC.
• Implement security tools and processes within CI/CD pipelines and development workflows.
• Establish metrics and reporting mechanisms to track the effectiveness of the Application Security program.

Security Control Integration:

• Collaborate with development and DevOps teams to ensure secure coding practices and secure deployment of containerized applications.
• Integrate security testing tools into CI/CD pipelines for both traditional and containerized applications.

Policy Development:

• Establish and enforce secure coding standards, policies, and procedures across the organization.
• Ensure compliance with relevant security standards and regulations.

Risk Management:

• Identify, assess, and prioritize application security risks, including those specific to container technologies.
• Develop and oversee remediation plans to address identified vulnerabilities.

Collaboration:

• Work closely with product managers, developers, and other stakeholders to integrate security requirements into product development.
• Provide security design reviews and consultations for new and existing projects.
• Advocate for security best practices across the organization.

Reporting:

• Provide regular updates on security metrics, program status, and risk assessments to executive leadership.
• Communicate security issues and strategies effectively to both technical and non-technical audiences.