Manager of Application Security

in Colorado Springs, CO

Manager of Application Security Job

Job Description Job Attributes+

  • Job ID

    5217518

  • Req #

    17384

  • Job Location

    Colorado Springs, CO 80920, US

  • Job Category

    Information Technology

  • Job Type

    CTH or Perm

Blackstone Talent Group, an award-winning technology consulting and talent agency is seeking a Manager of Application Security to join our team at our client’s site in Colorado Springs, Colorado.

Join our Application Security Engineering team. As the manager of this team, you would have many responsibilities, but the primary one would be to lead the Application Security Engineering team that works closely with our application development and IT engineering staff, to ensure that the applications we are building, and our Azure cloud migrations, adhere to our high security standards to protect our members.


The individual we are seeking will be both a leader and a contributor. This person will have a strong partnership with the application development and operations teams.


What we are looking for in a candidate, is someone would be able to lead others on the following, as well as conduct:

  • Manual and automated application security testing using a variety of tools to test the security of an application, and then work closely with the application developers to resolve any vulnerabilities.
  • Perform Code Reviews to assess potential security vulnerabilities.
  • Review the cloud infrastructure of an application to assess potential security vulnerabilities and ensure that the application is deployed according to the approved security design standards.
  • Conduct Risk Assessments of an application or solution to identify security risks and present those risks to the business for acceptance or mitigation.
  • Partner closely with the application development staff to help educate them on application security best practices, participate in design sessions, and identify risks early in the software development process.
  • Assess third party vendors for security vulnerabilities.
  • Enhance application security through automation and processes.
  • Work with incident response teams to identify potential threats and properly handle application security incidents. 


What we are looking for in a candidate:

  • A Web Developer with experience in Security and the Cloud.
  • Or an experienced security professional with experience in Web Development.
  • Someone who works well on a team, and in a non-adversarial manner.
  • Someone with one of the following certifications or similar: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT).


Position Description:

The Application Security Manager assists the Systems Integration area and Application Development area to ensure that our applications adhere to high security standards. This is done through strong subject matter expertise on best practices for assessing security vulnerabilities and training staff on best practices related to application security coding.


Essential Duties and Responsibilities:

Management of the Application Security Program:

  • Create Risk Assessments of an application or solution to present to the business for acceptance.
  • Develop/maintain procedures to review the cloud infrastructure of an application to assess potential security vulnerabilities.
  • Partner closely with the Application Development staff to educate them on application security best practices and participate in design sessions.
  • Develop/maintain procedures to perform Code Reviews to assess potential security vulnerabilities.
  • Assess third party vendors for security vulnerabilities.
  • Work with incident response teams to identify potential threats and properly handle application security incidents.
  • Conduct manual and automated application security testing using a variety of security tools and then work closely with the application developers to resolve any vulnerabilities.
  • Enhance application security through automation and process.


Management of the application Security Function:

  • Supervision of Application Security Engineers for Day-to-Day Tasks
  • Annual Staff Performance Reviews, Mentoring, Coaching
  • Benchmarks Costs/Systems/Best Practices
  • Vendor Due Diligence as Appropriate


Research and Development/Subject Matter Expertise:

  • Researches Emerging Threats/Trends
  • In-Depth Knowledge of Credit Union Systems
  • Other duties as required


Minimum formal education required for this position:

Knowledge consistent with a Bachelor’s Degree in Software Engineering, Computer Science or related field of study. 

Each year of relevant work experience may be exchanged for a year in a relevant degree program or vice versa. For example, a requirement of “Knowledge Consistent with a Bachelor’s Degree in Accounting and 2+ years’ of accounting experience” could be substituted for a High School Diploma and 6 years of relevant accounting work experience or a Master’s Degree in Accounting and 0 years of work experience.  


Minimum work experience:

7+ years’ of relevant experience related to IT Security to include at least 4+ years’ secure coding or serving an application security role in a production environment.


Technical or specialized knowledge/skills:

  • Demonstrates expertise in multiple security specialties related to securely coding applications and technical platforms along with strong understanding of the technical architecture of the organization
  • Possesses strong understanding of diverse security practices along with IT risk management concepts and applies them effectively when coding security solutions
  • Well versed in secure coding techniques and cloud security
  • Strong secure web application development skills
  • Proficient with relevant application security testing tools such as Burp and OWASP ZAP
  • Very strong knowledge of application security threats, secure software development, and software development concepts
  • Familiarity with Systems Lifecycle Development (SDLC) best practices.
  • Excellent analytical skills
  • Demonstrated excellence in providing superb customer service.
  • Strong communication skills (written, verbal, and listening).
  • Proven leadership experience and the ability to interface with all levels (executive to entry level).
  • Experience with continuous build and deployment systems
  • Experience utilizing Cloud Platform as a Service
  • Knowledge of source control systems
  • Experience with Scrum/Agile software development
  • Proficient with the Microsoft Office Suite of products (Word/Excel/Outlook).
  • (Preferred) Experience utilizing Microsoft Azure Cloud Platform as a Service
  • (Preferred) Strong working knowledge of Microsoft Azure cloud security coding and best practices
  • (Preferred) Experience with GIT Source control systems
  • (Preferred) Experience with Azure DevOps continuous build and deployment systems


Certifications required:

  • Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP), GIAC Web Application Penetration Tester (GWAPT) or similar certification approved by the VP of Business Services is required.


Environmental, physical and psychological requirements:

  • Must be able to sit or stand for prolonged periods of time in a climate controlled environment. Must be able to use fingers, hands, wrists for repetitive tasks such as typing, using a mouse, handling paper, currency, or coin, and operating a telephone.  Demands for visual and auditory acuity are typical of an office environment. Must be able to interact via email, telephone, or in person with diplomacy, tact, and courtesy with all members under varying circumstances. Must be able to lift up to 40 lbs.




Blackstone Talent Group is a division of Blackstone Technology Group, a global IT services and solutions firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone’s global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients the best talent across a variety of industries and sectors.

EOE of Minorities/Females/Veterans/Disabilities

Additional Information

Who We Are

ABOUT US
Founded in 1998, Blackstone Talent Group is one of three divisions of Blackstone Technology Group. The other two divisions are Blackstone Federal, a premier engineering + transformation agency that serves the federal government, and Trellis Energy, the largest transaction management software firm fully dedicated to serving the natural gas industry. Blackstone Technology Group is a privately-held global IT services, solutions and resourcing firm. Headquartered in San Francisco, Blackstone now has more than 300+ employees across five offices nationwide. Blackstone Technology Group’s mission is to help clients adapt to the demands of a digital world, and has garnered an impressive track record of delivering successful results to a client list that includes Fortune 100 businesses and US federal, state and local government.

WHAT WE DO
We provide contract, permanent and managed resource services to our clients. We source for commercial businesses and non-profits, as well as government clients requiring security clearances from public trust through multiple levels of top secret. Some of our skill specialties are IT, IT Operations, Engineering, Accounting and Finance, and Executive Search.

HOW WE DO IT
Our team never stops building connections with talent. And our network of fully-vetted, ready-to-work professionals allows us to provide exceptional speed and accuracy in our resource delivery that is unmatched in the industry. With a relationship-first engagement approach, we most often become a trusted partner with our clients and operate as an extension of their organizations.

Saved Jobs