Application Security Architect with SAS focusing on secure software development and compliance. Partnering with teams to enhance security posture across technologies and cloud environments.
Responsibilities
Work in active partnership with development teams to identify and build solutions for securing code and implementing application vulnerability scanning and penetration testing, contributing documentation, developer guidance and training, and repositories with examples of best practices in secure architecture, design, and operational patterns and practices.
Perform risk-based, prioritized, and periodic reviews of application architecture to identify security gaps and generally help improve the security posture of business-critical multi-tier applications in legacy, hybrid cloud, and public cloud environments.
Work cross-organizationally with engineering (security champions, architects, and developers) and operations to assist in the identification, risk assessment, and remediation of security issues, and with Product Management to ensure security implementations are consistent with business objectives and customer requirements, ensuring alignment to SAS security standards, policies, and procedures and other global regulatory requirements.
Assist in the creation of dashboards and on-demand reporting of a product division’s security posture and make recommendations for improvements aligning to Secure by Default and Zero Trust principles.
Identify, train, and partner with divisional Security Champions in place with product architecture and engineering teams.
Help champions assess and gauge risk to identify security gaps or seams in the products and integrated solutions.
Collaborate with other teams within security to identify new tools and processes to integrate into the Secure SDLC.
Recommend and promote software security policies, standards, and procedures that can improve the global security posture of the company.
Ensure all applicable security policies and processes are followed to support the organization's secure software development goals.
Requirements
Bachelor's degree with major study in technical disciplines such as Electrical Engineering or Computer Science.
5+ years of secure software development, secure system architecture and design, or related experience.
Demonstrated knowledge in securing enterprise web applications and the supporting systems and services as detailed by OWASP Top 10 for Web, CVSS, CWE/CVE, etc., extending to the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling.
Demonstrated ability to provide guidance to development and hosting/operational teams on the effective remediation of issues surfaced by relevant SAST and DAST scanners and tooling, reported by customers, or findings from internal/external offensive security testing or compliance audits.
An equivalent combination of related education, training and experience may be considered in place of the above qualifications.
2+ years of experience in developing or adopting software security patterns and best practices.
Demonstrated knowledge of, and willingness to learn, security principles for Kubernetes, containers and micro-services, SaaS (public and private cloud deployments), ML, GenAI, and Agentic AI.
Experience with programming languages such as: Java, C/C++, C#, Rust, Python, JavaScript, PHP, Golang, etc.
Benefits
Comprehensive medical, prescription, dental and vision plans.
Medical plan options include: PPO with low annual deductible and copays.
HDHP combined with a health savings account with a contribution from SAS (no access to on-site health care center).
Onsite Health Care Center (HQ) that’s free to employees and family members enrolled in the PPO plan.
There's a pharmacy too! Not local to HQ? The pharmacy will ship prescriptions for no additional charge!
An industry-leading 401k plan.
Tuition Assistance Program and programs and resources to support your development.
Generous time away including vacation time, a variety of paid holidays, and our much-loved U.S. Winter Wellness Break between December 25 and January 1.
Volunteer Time Off, parental leave and unlimited paid sick days.
Generous childcare benefits for all full-time employees.