Director Application & Product Security

Come be a part of our mission and make a meaningful and positive impact with the industry leading provider of language services for the Deaf and heard-of-hearing.

Benefits

• Paid Vacation Time and Paid Sick Time and Paid Holidays
• 401k 6% match with immediate vesting
• Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
  • TeleDoc
  • HSA company match
  • 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
• Employee Assistance Program
• Engaged Employee Resource Groups
• Outstanding Learning and Career Development Opportunities

Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.

This position can be 100% Remote or Hybrid for local candidates

Essential Duties and Responsibilities

• Strategic Leadership & Program Development
  • Define and execute the application and product security strategy aligned with business goals.
  • Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).
  • Collaborate with engineering and product teams to embed security into all phases of software development.
  • Contribute to security roadmap development.
• Technical Risk Management
  • Lead the identification, assessment, and management of technical risks in applications and products.
  • Develop and maintain risk scoring models to prioritize security efforts effectively.
  • Establish metrics and KPIs to measure security posture and drive data-informed decision-making.
  • Coordinate the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
  • Manage technical Security Exception process.
  • Define and maintain a security reference architecture that provides security best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.).
• Security Testing & Assurance
  • Oversee security testing initiatives, including penetration testing, red teaming, and technical audits of technology platforms and systems.
  • Develop and enhance application security testing capabilities, including static (SAST), dynamic (DAST), and interactive (IAST) application security testing methodologies.
  • Partner with external security researchers and vendors to conduct advanced security testing and assessments.
• Vulnerability & Remediation Management
  • Manage vulnerability identification and remediation efforts across applications and product environments.
  • Establish secure coding practices and train development teams on security best practices.
  • Implement and enforce automated security testing and continuous security integration within CI/CD pipelines.
• Compliance & Regulatory Alignment
  • Ensure compliance with industry security standards (e.g., ISO 27001, SOC 2, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).
  • Partner with internal audit, compliance, and legal teams to address security-related regulatory requirements.
• Incident Response & Threat Management
  • Support incident response efforts related to application and product security threats.
  • Collaborate with SOC and security operations teams to analyze and mitigate security incidents effectively.

Skills / Certifications

• Excellent documentation skills (i.e., solution workflow diagrams, system documentation, playbooks, etc.)
• Excellent written and verbal communications skills, including presentational skills.
• Able to clearly communicate risk to upper management and other key stakeholders.
• Proven ability to work independently and in a multi-tasking environment with strong analytical and conflict resolution skills.
• Strong communication and leadership skills to engage both technical and non-technical stakeholders.
• Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA, FedRamp.
• Prior experience testing or validating system controls, configuration, and requirements.
• Deep experience in architecting mission critical application(s), Cloud-based PaaS, IaaS, and SaaS solutions.
• Ability to balance needs of business and security.
• Experience in Cloud Security, DevSecOps and Zero Trust.
• Experience working in high-growth SaaS or technology-driven environments.
• Background in software engineering, DevOps, or cloud security architecture.

Equal Employment Opportunity:

CaptionCall and Sorenson Communications are an EOE, Disability/Age Employer.

Company Summary

Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.

Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.

As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.

Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.

Qualifications Education

Required

Bachelor of Science

Experience

Required: 7 years

• Deep understanding of threat modeling, vulnerability management, and risk assessment frameworks. • Proven experience managing and leading security teams, driving security culture, & influencing cross-functional stakeholders. • Familiarity with cloud security (AWS, Azure, GCP) and container security best practices. • Information/data security - encryption, obfuscation, tokenization, and PKI.

Preferred:

• Identity, Access Management, Governance, and Assurance - biometrics, privacy, privilege management, attestation. • Network Security - defense, penetration testing, network device monitoring, intrusion detection and patching and perimeter defense.

• Cloud and Mobile Security Services and Architectures. • Experience defining security design patterns that map to regulatory guidance, security standards and policies for cyber compliant solutions as well as validation of existing security controls. • Experience with a common scripting language, including Perl, Python, Bash, PowerShell, etc.