The Manager Application Security will guide, lead and manage the team to provide expert technical guidance and hands on validation of secure solutions during the design, development, and testing of systems supporting the Sony Interactive Entertainment products and services.
Job Duties and Responsibilities:
- Identify threats and build security protection within the design of SIE’s products and services.
- Collaborate with engineers, consultants and leadership to address securityrisks and provide mitigation recommendations within the SDLC.
- Perform hands on guidance during the SDLC to proactively discover risk and track them to resolution.
- Perform validation of security controls to insure adherence with compliance and industry best practices.
- Perform threat analysis and define the requirement to mitigate a risk based on the threat.
- Understand, balance and communicate business risk with securityrisk.
- High level of personal integrity, with the ability to professionally handle confidential matters, and reflect appropriate level of judgment as it pertains to security.
- Ability to understand business requirements and applysecurity without adversely affecting the desired functionality.
- Guide, lead and manage team members in order to effectively provide Application Security support during the entire SDLC.
- Leading includes ensuring effective communication with other engineers, consultants and leadership in order to provide the above and other duties that might be required as a team.
- Bachelor’s degree in Computer Science or other technical discipline.
- 3+ years experience as a leader or manager of technical teams.
- 6+ years experience in information security.
- Experience with securing host, database, and application solutions for multi-tier systems.
- Experience with implementing and operating system, network, and host securitytechnologies and assessment tools.
- Firm understanding of enterprise class application architectures that are highly scalable and reliable and the ability to secure them.
- Experience with multiple languages such as Java, C++, PHP, etc. and understand how to detect and remedy related security issues such as OWASP top 10.
- Ability to scale security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
- Excellent communication and interpersonal skills with the ability to convey security needs to developers, peers and leadership.
- Understanding to cryptographic processes such as key management, seeding, and PKI.
- Solid foundation in application security.
- Certifications such as CISSP, GIAC, GSSP-JAVA preferred.
- Experience working within software development preferred.
- Experience with multiple development methodologies to include agile and RUPPS desired.