
Application Security and Compliance Programs Manager
COFENSE
full-time
Location Type: Remote
Location: Remote • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
SDLC
About the role
- Reporting to the VP, Info Tech & Security, responsible for Compliance Programs & Application Security.
- Ensure Cofense Engineering designs, builds, ships, and operates software securely.
- Single point of contact on all project management activities for FedRAMP/SOC2/ISO27001.
- Own relationships with the 3PAO, sponsoring agency, and FedRAMP PMO.
- Lead FedRAMP continuous monitoring (ConMon) activities, including Plans of Actions and Milestones (POA&Ms).
- Lead planning, scheduling, and analysis for internal and external audits.
- Integrate security tools, standards, and processes into the software development life cycle (SDLC).
- Train software engineers on security knowledge.
- Support application security tool deployments and maintain secure development processes.
- Manage annual penetration testing services and application security assessments.
Requirements
- 5+ years application security experience
- Working knowledge in all phases of preparing and reviewing complete ATO packages for information technology systems
- Strong background with NIST Risk Management Framework (SP 800-53)
- Federal Information Processing Standards (FIPS) 199 and 140
- Experience load-balancing multiple competing projects at the enterprise level.
- Bachelor’s degree preferred.
- Strong preference given for bachelor's and advanced degrees in software technology related fields.
Benefits
- Cofense is committed to equal employment opportunity.
- We will not discriminate against employees or applicants for employment on any legally recognized basis.
Applicant Tracking System Keywords
Hard skills
application security, compliance programs, software development life cycle (SDLC), penetration testing, NIST Risk Management Framework (SP 800-53), FEDRAMP, SOC2, ISO27001, security tool deployment, audit planning
Soft skills
project management, relationship management, training, scheduling, analysis, communication, leadership, organizational skills, multitasking, problem-solving