Alma

Senior Application Security Engineer

full-time

Location Type: Remote

Location: United States

Salary

💰 $130,000 - $186,000 per year

About the role

  • Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters.
  • Comfortable and excited to lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security.
  • Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
  • Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop them.
  • Provide subject matter expertise in the areas of secure coding, application authentication, encryption, and AI, and quickly research and become competent in other areas as needed.
  • Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture.
  • Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions.
  • Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments.
  • Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful.
  • Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities.
  • Build and provide high-quality application security documentation and training to engineers to set them up for success.
  • Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training.
  • Mature and execute the Threat Modeling program with engineers.
  • Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings.
  • Assist with creating the reports for management regarding vulnerabilities, training, and other relevant metrics.

Requirements

  • You have 4+ years of experience working in an application security role.
  • You strongly understand the security best practices for the development lifecycle (SDLC).
  • You have expert knowledge of web application protocols.
  • You have deep technical knowledge of Content Security Policies (CSP) and how to implement them.
  • You have strong experience working with AI and understand the areas to focus on to secure it.
  • You have expert understanding of application security testing tools like OWASP ZAP and Burp Suite.
  • Expert understanding of the OWASP Top 10 and other application attacks.
  • Experience installing and running a local developer environment for local testing of code.
  • Deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security.
  • Implemented/managed SAST and DAST tools such as StackHawk and Snyk, with more than a year of experience in each type of tool.
  • Familiarity with common security libraries and tools.

Benefits

  • We’re a remote-first company
  • Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
  • 401K plan (ADP)
  • Monthly therapy and wellness stipends
  • Monthly co-working space membership stipend
  • Monthly work-from-home stipend
  • Financial wellness benefits through Northstar
  • Pet discount program through United Pet Care
  • Financial perks and rewards through BenefitHub
  • EAP access through Aetna
  • One-time home office stipend to set up your home office
  • Comprehensive parental leave plans
  • 12 paid holidays and 1 Alma Give Back Day
  • Flexible PTO

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application security, secure coding, application authentication, encryption, security measures, Threat Modeling, SAST, DAST, web application protocols, Content Security Policies

Soft Skills

leadership, collaboration, communication, training, research, documentation