Director Application & Product Security

Come be a part of our mission and make a meaningful and positive impact with the industry-leading provider of language services for the Deaf and heard-of-hearing.

Benefits

• Paid Vacation Time, Sick Time, and Holidays
• 401k with 6% match and immediate vesting
• Nationwide Medical Insurance plans (Medical, Dental, Orthodontia, Vision)
• TeleDoc services
• HSA company match
• Three Medical plan options, including a Low Deductible PPO

Additional Benefits

• Employee Assistance Program
• Employee Resource Groups
• Career Development Opportunities

Pay Range: Compensation varies based on experience, skills, and location. Incentive compensation may also be available.

*Legal eligibility to work in the US required. No visa sponsorship available.*

*Position can be remote or hybrid for local candidates.*

Essential Duties and Responsibilities

• Define and execute application and product security strategies aligned with business goals.
• Establish security frameworks, best practices, and governance across the SDLC.
• Collaborate with engineering and product teams to embed security into all development phases.
• Contribute to security roadmap development.

• Lead identification, assessment, and management of application and product risks.
• Develop risk scoring models and KPIs to measure security posture.
• Coordinate enterprise-wide security risk assessments and oversee risk treatment plans.
• Manage security exceptions and define security reference architectures across domains.

• Oversee security testing, including penetration testing and audits.
• Develop capabilities for static, dynamic, and interactive application security testing.
• Partner with external researchers and vendors for security assessments.

• Manage vulnerability identification and remediation efforts.
• Establish secure coding practices and train development teams.
• Implement automated security testing within CI/CD pipelines.

• Ensure compliance with standards like ISO 27001, SOC 2, PCI-DSS, NIST, GDPR, CCPA, CISA Secure by Design.
• Work with audit, compliance, and legal teams on regulatory requirements.

• Support incident response related to security threats.
• Collaborate with SOC and security teams to mitigate incidents.

• Excellent documentation and communication skills.
• Ability to communicate risks to stakeholders.
• Experience with industry standards and security controls.
• Background in software engineering, DevOps, or cloud security architecture.
• Experience with cloud security, DevSecOps, Zero Trust, and high-growth SaaS environments.

Equal Employment Opportunity: CaptionCall and Sorenson Communications are EOE, Disability/Age Employers.

Company Summary

Our Mission: Harnessing the power of language to connect diverse people and enrich the human experience.

Our Vision: To provide global language services that expand opportunities, nurture belonging, and empower connections beyond words.

Sorenson combines technology with human solutions, promoting diversity, equity, inclusion, and accessibility for all, including call captioning, sign language interpreting, translation, and more.

We are committed to supporting employment opportunities for diverse communities and fostering an inclusive workplace as a minority-owned company.

Bachelor’s degree in Information Systems or related field required.

Required: 7-10 years in threat modeling, vulnerability management, risk assessment, managing security teams, cloud security (AWS, Azure, GCP), and data security practices.

Preferred: Experience with identity and access management, network security, cloud and mobile security, scripting languages, and defining security design patterns compliant with regulations. Knowledge in biometrics, privacy, penetration testing, and cloud security architectures is advantageous.

Additional details on rights and legal notices are included as per federal requirements.