At MSG we value diversity and are looking for extraordinary employees of all backgrounds! MSG is an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, citizenship, age, genetic information, disability, or veteran status. In addition to federal law requirements, MSG complies with all applicable state and local laws governing nondiscrimination in all locations.
As an Application Security Manager, you will be responsible for ensuring all our applications and software meet industry security best practices (OWASP Top 10), while also allowing MSG to provide top-notch services and products to our customers (both internal and external). In this role you will be critical in bridging the gap between MSG’s customer-facing programs and marketing tools and its security philosophy, to prevent any potential security threats or events from affecting our most important asset, our guests.
Main Duties / Functions: You will
- Be a Security Evangelist who translates security concepts for developers.
- Improve and support application security tool deployments and develop standards
- Liaise between MSG Technology’s security team and our business users who are interacting with our clients through our applications
- Own roadmap development and delivery providing program reviews and analysis for the roadmap development to implementation
- Utilize standard testing methodologies on our applications.
- Partner with 3rd parties to provide penetration testing services to deliver faster results
- Work with the Software Engineers, Product Management, and related teams to scope, plan and execute application-level security testing
- Mentor and support the developers on how to write good security unit tests and promote good security testing frameworks
- Guide and influence application security programs
- Regularly perform security assessments and analysis
- Complete application security design reviews and prioritize all security issues you find
- Will own the roadmap development and delivery of projects
- Present penetration testing findings to related teams and provide measurable paths to resolution
- Deploy programs according to a project management methodology using Agile principles
- Will work closely with MSG Technology Development teams and teach them about security threats and potential incidents/events
- Stay abreast of the latest information security controls, practices, techniques and capabilities in the marketplace
- Lead internal skills development activities for our teams on the topic of application security and mentoring by conducting insight sharing sessions
Required Qualifications: To be successful you should
- Possess a minimum of 5 years of related experience working
- 3+ years of experience in application security and software engineering
- CISSP, CSSLP, or OSCP or equivalent experience
- Experienced with implementing an SSDLC (Secure Software Development Life Cycle) with DAST (Dynamic Application Security Testing), SAST (Static Analysis Security Testing) and NIST Cyber Security Framework
- Have led and integrated a Bug Bounty program or love finding bugs and reporting on them
- Possess a strong understanding of red-team assessments - dare we say it's a passion
- Ability to investigate the impact of security problems
- Comfortable working in scripting, permissions management
- Programming experience with several mainstream languages, from .NET, React, R to C#, no language should be a challenge
- Comfort with providing leadership to the team to determine budgetary requirements, maintenance, support, and growth of a maturing application security program
- You are happy forging relationships with Development and DevOps teams
- You pride yourself in influencing decision-making processes at all levels of a large organization
- Enjoy describing vulnerabilities and weaknesses to many audiences, and implement effective defensive techniques
- Experienced and appreciate working with others and sharing knowledge
- You are metric focused and want to help teams measure the right thing to ensure their success
- You have an advanced knowledge of programming languages, database design and infrastructure
- Ability to interact with the security community regarding security vulnerabilities and potential threats
Candidates who have completed 60 credits of college-level coursework (representing 2 years), or have shown similar self-development through certifications, trade school coursework, etc. are preferred.
Requisition ID 18-8829