Are you ready to grow your dream career while making others' vacation dreams come true? Marriott Vacations Worldwide is a world premier organization for Vacation Ownership with resorts at destinations around the globe. Join our team and help deliver unforgettable experiences that make vacation dreams come true.
As a member of the professional staff, contributes specialized knowledge and skill in a discipline (e.g. Accounting, Finance, Human Resources, Information Technology, Operations Planning & Support, Sales & Marketing) area to support team and/or department objectives. Generally, works under limited supervision, but within established guidelines, monitoring the flow of work between own department and others in alignment with business strategies, selecting and developing effective managers and work teams, managing own organization through reliable systems and processes, and producing and analyzing more complex business information to assist in the decision-making process.
The Security Assurance Senior Manager will provide leadership and direction in the day-to-day management and execution of technical security assessments. This includes vulnerability management, penetration testing and application security across internal, external, mobile, IOT and cloud environments to ensure that company systems, applications and websites are secured against the latest threats. The position will provide oversight, technical leadership and vision to mature security assurance processes and supporting metrics. Key areas of specific responsibility include:
- Technical security assurance program management
- Understand vulnerability risks and how to remediate them in real-world applications
- Perform manual penetration tests of cloud systems, hardware, web applications, mobile applications, and APIs
- Work with agile development teams to review web application vulnerabilities and support remediation efforts
- Write detailed reports for the identified vulnerabilities with supporting POCs
- Contributes to team, department and/or business results by performing more complex quantitative and qualitative analysis for business processes and/or projects. Often manages small projects, business processes or parts of larger ones.
- Responds to, solves and makes decisions on more complex/non-routine business requests with limited to moderate risk.
- Works to enhance the organization's capabilities through effective staffing and development of others by:
- using appropriate MVW interviewing tools to hire the best managers available from inside or outside.
- hiring for diversity and balance of skills.
- setting and maintaining high standards for team and individual performance.
- providing timely coaching and feedback.
- making and rewarding distinctions in performance.
- Assists more senior associates in achieving business results by:
- identifying opportunities to enhance the effectiveness of business processes.
- providing training and technical guidance to less senior staff, where appropriate, and serving as point-of-contact for problem resolution.
- participating in setting department operating plans.
- recognizing and celebrating team successes.
- achieving results against budget within scope of responsibility.
- Demonstrates an awareness of personal strengths and areas for improvement and acts independently to improve and increase skills and knowledge.
- Performs other duties as appropriate.
Specific Expected Contributions
- Responsible for the day-to-day assignments, development, performance of the security assurance team, ensuring the team is operating efficiently and effectively.
- Analyze and assist in the secure design and architecture of applications and network infrastructure.
- Work with software developers, project managers, DevOps, and QA, to review, assist and recommend changes and solutions to address the security of web, cloud and mobile solutions throughout the SDLC and in accordance with the OWASP testing guide.
- Utilize source code scan tools (such as Veracode or Checkmarx) to assist application development teams to apply the best practice for application security and catch potential vulnerabilities early in the SDLC.
- Conduct security assessments of systems and applications using industry-standard tools and techniques to identify vulnerabilities.
- Perform security penetration testing directives in accordance with written security policy, and industry best practices.
- Risk-rank identified threats to prioritize mitigation and provide mitigation strategies for applications from infrastructure, architecture, and secure coding perspectives
- Produce reports to demonstrate assessment results and working with the system engineers and software teams to ensure corrective actions are implemented and validated.
- Coordinate Penetration Testing efforts with approved 3rd parties, as required.
- Maintain demonstrable knowledge of current vulnerability exploitation techniques.
- Research, evaluate, and stay current on emerging security tools, trends, policies, best practices, techniques, and technologies.
Successful candidates should possess knowledge and experience and demonstrate strong leadership and relationship skills as follows:
Generally, a professional position with specific knowledge and experience in a discipline (e.g., Accounting, Human Resources, Information Technology) as well as associate management experience. College degree and/or relevant experience typically required.
Education -- BA/BS in business or computer science or appropriate work experience is required. Master's degree in Information Security or similar IT related specialization is also highly desired for this position.
Experience -- 7+ years' work experience in relevant Information Security position and 2+ year experience in a management role or a similar position or having equivalent skills and experience is highly desired.
Certification --Applicable Penetration Testing or Application Security certifications (OSCP, GWAPT, GMOB, etc.) are strongly preferred.
- Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
- Advanced working understanding of penetration test assessment procedures to include network, web application, wireless, mobile and IoT.
- Hands-on experience using and tailoring penetration testing tools (e.g., Kali Linux, NMAP, Burp Suite, OWASP ZAP, Metasploit, etc.).
- Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities and testing procedures.
- Strong understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
- Advanced working understanding of web application and network technologies, programing languages, databases, Linux, Unix, Mac OSX, and Windows operating systems.
- Demonstrated experience leading work of others.
- Effective interpersonal skills.
- Experience in analyzing risk associated with security vulnerabilities.
- Demonstrated strong organizational skills with attention to detail.
- Ability to react to high pressure dynamic changing environments.
- Ability to multi-task, problem solve and meet deadlines.
Marriott Vacations Worldwide is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture.