Salary
💰 $175,000 - $194,998 per year
Tech Stack
AWS, Cloud, Cyber Security, Firewalls, Kubernetes, Linux
About the role
- Track emerging industry threats, observed trends, and industry best-practice guidelines to identify gaps, and plan, design, and enhance our application security posture in collaboration across Lumin Digital
- Develop, collect, and summarize meaningful measures of application security to evaluate program performance
- Collaborate with other leaders to understand vulnerabilities and to develop mitigation strategies that address current findings and reduce the likelihood of future occurrence of the same classes of issues
- Ensure integration of security tooling into CI/CD pipelines with minimal developer friction
- Review the technical methods and output of the AppSec team to ascertain the quality and fit of activities such as threat modeling, secure design reviews, and architectural risk assessments, and provide constructive and detailed feedback to improve team members’ ability to perform their duties
- Lead improvements in secure coding standards, developer training, and evaluation of assessment tools
- Review client-sponsored application assessments to qualify and prepare responses
- Perform other duties as assigned
Requirements
- Bachelor's degree in Computer Science, Information Assurance, Information Security, Cybersecurity, or related field is required; or equivalent combination of education and experience in cybersecurity with demonstrated command of key application security concepts and technologies and proficiencies in threat modeling, detective and preventative controls, application security testing, and other relevant technical security risk management domains.
- Certifications relevant to application security or management of application security teams, such as the GWEB, GWAPT, CSSLP, or CISM, are preferred.
- 5 years of hands-on technical experience working directly with detective security controls, including web application firewalls, TLS introspecting proxies, and tools integrated into CI/CD pipelines (including SCA, SAST, DAST, and MAST), is required.
- 3 years of experience leading complex security initiatives or driving secure application design practices within a team or organization required.
- Experience with large-scale AWS operating environments, Linux, Kubernetes, Git, and scripting languages required.
- Experience with administering public or private bug bounty programs required.
- Experience analyzing and summarizing trends in application-layer threats, vulnerabilities, and posture to internal management teams is required.