Director Application & Product Security

Come be a part of our mission and make a meaningful and positive impact with the industry leading provider of language services for the Deaf and heard-of-hearing.

• Paid Vacation Time and Paid Sick Time and Paid Holidays
• 401k 6% match with immediate vesting
• Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
  • TeleDoc
  • HSA company match
  • 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
• Employee Assistance Program
• Engaged Employee Resource Groups
• Outstanding Learning and Career Development Opportunities

Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.

This position can be 100% Remote or Hybrid for local candidates.

Essential Duties and Responsibilities

• Strategic Leadership & Program Development
  • Define and execute the application and product security strategy aligned with business goals.
  • Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).
  • Collaborate with engineering and product teams to embed security into all phases of software development.
  • Contribute to security roadmap development.
• Technical Risk Management
  • Lead the identification, assessment, and management of technical risks in applications and products.
  • Develop and maintain risk scoring models to prioritize security efforts effectively.
  • Establish metrics and KPIs to measure security posture and drive data-informed decision-making.
  • Coordinate the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.
  • Manage technical Security Exception process.
  • Define and maintain a security reference architecture that provides security best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.).
• Security Testing & Assurance
  • Oversee security testing initiatives, including penetration testing, red teaming, and technical audits of technology platforms and systems.
  • Develop and enhance application security testing capabilities, including static (SAST), dynamic (DAST), and interactive (IAST) application security testing methodologies.
  • Partner with external security researchers and vendors to conduct advanced security testing and assessments.
• Vulnerability & Remediation Management
  • Manage vulnerability identification and remediation efforts across applications and product environments.
  • Establish secure coding practices and train development teams on security best practices.
  • Implement and enforce automated security testing and continuous security integration within CI/CD pipelines.
• Compliance & Regulatory Alignment
  • Ensure compliance with industry security standards (e.g., ISO 27001, SOC 2, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).
  • Partner with internal audit, compliance, and legal teams to address security-related regulatory requirements.
• Support incident response efforts related to application and product security threats.
• Collaborate with SOC and security operations teams to analyze and mitigate security incidents effectively.

Skills / Certifications

• Excellent documentation skills (i.e., solution workflow diagrams, system documentation, playbooks, etc.).
• Excellent written and verbal communications skills, including presentational skills.
• Able to clearly communicate risk to upper management and other key stakeholders.
• Proven ability to work independently and in a multi-tasking environment with strong analytical and conflict resolution skills.
• Strong communication and leadership skills to engage both technical and non-technical stakeholders.
• Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA, FedRamp.
• Prior experience testing or validating system controls, configuration, and requirements.
• Deep experience in architecting mission critical application(s), Cloud-based PaaS, IaaS, and SaaS solutions.
• Ability to balance needs of business and security.
• Experience in Cloud Security, DevSecOps and Zero Trust.
• Experience working in high-growth SaaS or technology-driven environments.
• Background in software engineering, DevOps, or cloud security architecture.

Company Summary

Our Mission…Harnessing the power of language, we connect diverse people and enrich the human experience.

Our Vision…To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.

As one of the world’s leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented people through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services.

Sorenson’s impact vision and plan extends to supporting employment opportunities for diverse employees, customers, and communities. As a minority-owned company, we are committed to expanding opportunities for underserved communities while promoting an inclusive workplace for our own employees.

Bachelor of Science or better in Information Systems or related field.

7-10 years:

• Deep understanding of threat modeling, vulnerability management, and risk assessment frameworks.
• Proven experience managing and leading security teams, driving security culture, & influencing cross-functional stakeholders.
• Familiarity with cloud security (AWS, Azure, GCP) and container security best practices.
• Information/data security - encryption, obfuscation, tokenization, and PKI.

• Architecting, designing, and developing large enterprise class technologies / platforms (at least 3 yrs. with Cloud platforms). Experience should include most of the following:

• Identity, Access Management, Governance, and Assurance - biometrics, privacy, privilege management, attestation.
• Network Security - defense, penetration testing, network device monitoring, intrusion detection and patching and perimeter defense.
• Cloud and Mobile Security Services and Architectures.
• Experience defining security design patterns that map to regulatory guidance, security standards and policies for cyber compliant solutions as well as validation of existing security controls.
• Experience with a common scripting language, including Perl, Python, Bash, PowerShell, etc.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)