The
Application Security Lead reports to the IT Security Manager and works closely with Vistex's Development and DevOps teams to ensure security is embedded in the design, implementation and maintenance of Vistex product services through the implement of shift-left and DevSecOps approaches. This role can be a remote position.
Responsibilities :- Works closely with Development and DevOps teams to develop and enforce secure coding standards and best practices across Vistex's Development and DevOps teams.
- Collaborates with Development and DevOps teams to embed security controls into CI/CD pipelines (SAST, SCA, DAST, IaC scanning)
- Participates in design process for new products and changes to existing products to ensure that security requirements are identified, assessed and specified.
- Conducts threat modelling exercises with teams during the design process to identify risk and security requirements.
- Engages with teams to develop architecture diagrams and documentation that captures the security relevant content.
- Ensures that integration with Vistex security tools is factored into the design process.
- Participates in project meetings to track progress and conducts implementation readiness reviews to ensure specified security requirements are met and that documentation is complete.
- Conducts audits against products and platforms to ensure security coverage is complete.
- Reviews DevOps operations to ensure security best practice is followed and that any identified risks are managed.
- Engages with senior stakeholders and team leaders to build strong working relationships to ensure security requirements are met and security improvements are implemented
- Participates in risk management exercises for software development, DevOps and in AI where it is used for development or is integrated into Vistex products.
- Provides metrics on secure development maturity and performance.
- Provides assistance with analyzing application layer as required by security incident response processes/
- Maintains awareness of standard and regulatory requirements that relate to software development.
- Stays informed of the current topics in secure development and DevOps through various publications and sources.
- Supports the IT Security team in responding to development content in customer security assessments and questionnaires as required.
The compensation for this position is $120K - $140K annually. Base pay will vary depending on factors, including but not limited to, a candidate's location, job-related knowledge, skills and work experience. The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus. Vistex provides highly competitive benefits including comprehensive healthcare plan, 401(k) and paid time off, including paid volunteerism days!
