Director Application & Product Security

Come be a part of our mission and make a meaningful and positive impact with the industry-leading provider of language services for the Deaf and hard-of-hearing.

• Paid Vacation Time, Paid Sick Time, and Paid Holidays
• k% match with immediate vesting
• Nationwide Medical Insurance plans and coverage (Medical, Dental / Orthodontia, Vision), TeleDoc, HSA, company match, and Medical plan options including a Low Deductible PPO Medical Plan
• Employee Assistance Program
• Engaged Employee Resource Groups
• Outstanding Learning and Career Development Opportunities

Pay Range : Actual pay may vary depending on job-related factors such as knowledge, skills, experience, and location. This position may be eligible for incentive compensation.

Applicants must be legally eligible to work in the United States. Visa sponsorship is not available for this role.

This position can be % Remote or Hybrid for local candidates.

Strategic Leadership & Program Development

• Define and execute the application and product security strategy aligned with business goals.
• Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).
• Collaborate with engineering and product teams to embed security into all phases of software development.
• Contribute to security roadmap development.

Technical Risk Management

• Lead the identification, assessment, and management of technical risks in applications and products.
• Develop and maintain risk scoring models to prioritize security efforts effectively.
• Establish metrics and KPIs to measure security posture and drive data-informed decision-making.
• Coordinate enterprise-wide information security risk assessments, including reporting and oversight of risk treatment plans.
• Manage the technical Security Exception process.
• Define and maintain a security reference architecture covering major domains (IAM, privacy, cloud platforms, infrastructure, applications, database, etc.).

Security Testing & Assurance

• Oversee security testing initiatives, including penetration testing, red teaming, and technical audits.
• Develop and enhance application security testing capabilities (SAST, DAST, IAST).
• Partner with external security researchers and vendors for advanced testing and assessments.

Vulnerability & Remediation Management

• Manage vulnerability identification and remediation efforts.
• Establish secure coding practices and train development teams.
• Implement automated security testing within CI/CD pipelines.

Compliance & Regulatory Alignment

• Ensure compliance with industry standards (ISO, SOC, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).
• Partner with audit, compliance, and legal teams on regulatory requirements.
• Support incident response related to security threats.
• Collaborate with SOC and security operations teams on incident mitigation.

Skills / Certifications

• Excellent documentation skills (workflows, system documentation, playbooks).
• Strong communication skills, including presentation abilities.
• Ability to communicate risks clearly to management and stakeholders.
• Proven ability to work independently and multitask with strong analytical skills.
• Leadership skills to engage technical and non-technical stakeholders.
• Understanding of industry standards (NIST, HIPAA, ISO, SOC, PCI DSS, GDPR, CCPA, FedRamp).
• Experience testing or validating system controls and requirements.
• Deep experience in architecting mission-critical applications, cloud solutions (PaaS, IaaS, SaaS).
• Ability to balance business and security needs.
• Experience in Cloud Security, DevSecOps, Zero Trust.
• Background in software engineering, DevOps, or cloud security architecture.

Equal Employment Opportunity :

CaptionCall and Sorenson Communications are an EOE, Disability / Age Employer.

Company Summary

Our Mission… Harnessing the power of language, we connect diverse people and enrich the human experience.

Our Vision… To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.

Sorenson combines patented technology with human-centric solutions. We strive to increase diversity, equity, inclusion, and accessibility for underrepresented communities through communication solutions such as call captioning, video relay services, sign language and spoken language interpreting, translation, and captioning services.

As a minority-owned company, we are committed to expanding opportunities for underserved communities and promoting an inclusive workplace.