Lead and mentor the application security team and a group of senior cloud security engineers
Define and execute the organization’s application and cloud security strategy
Partner with engineering, DevOps, and architecture teams to embed security into all stages of development
Establish security KPIs, metrics, and reporting for executive leadership
Provides leadership for those involved in the development, design and optimization of one or more information technology and systems functions supporting company business processes and technical information systems platforms.
Drive secure SDLC practices including threat modeling, code reviews, and security testing
Oversee implementation of SAST, DAST, SCA, and API security tools
Develop and maintain secure coding standards and developer training programs
Lead vulnerability management and remediation efforts for applications
Design and enforce security controls across cloud platforms (AWS, Azure, GCP)
Ensure secure configuration and governance of cloud environments (IAM, networking, storage, containers)
Implement and manage CSPM, CWPP, and CIEM solutions
Oversee container and Kubernetes security practices
Assign project work to cloud team to support organizational needs
Align security practices with frameworks such as NIST, ISO 27001, SOC 2, and CIS benchmarks
Conduct risk assessments and support audits and regulatory requirements
Collaborate with GRC teams to maintain compliance posture
Support incident response related to application and cloud threats
Drive root cause analysis and continuous improvement efforts
Stay ahead of emerging threats, vulnerabilities, and industry trends
Provides direction for the effort required to protect the company's data, tools and information systems.

Requirements

7+ years of experience with a bachelor’s degree or 5+ years of experience with an advanced degree
5+ years of managerial experience
Bachelor’s degree in Computer Science, Cybersecurity, or related field (Master’s preferred)
8–12+ years of experience in cybersecurity, with a focus on application and cloud security
3–5+ years in a leadership or management role
Strong expertise in cloud platforms (AWS, Azure, or GCP)
Deep understanding of secure software development and DevSecOps practices
Experience with security tools (e.g., SAST, DAST, SIEM, CSPM, container security)
Knowledge of modern architectures (microservices, APIs, serverless)
Industry certifications such as CISSP, CCSP, CISM, or GIAC
Experience with Infrastructure as Code (Terraform, CloudFormation)
Familiarity with CI/CD pipelines and automation tools
Hands-on experience with Kubernetes and container ecosystems
Strong understanding of Zero Trust architecture principles.
For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.

Benefits

Health, Dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement
Capital Accumulation Plan

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitycloud securitysecure SDLCthreat modelingcode reviewssecurity testingvulnerability managementsecure coding standardsDevSecOpsInfrastructure as Code

Soft Skills

leadershipmentoringcollaborationcommunicationproject managementrisk assessmentcontinuous improvementstrategic planningproblem-solvingexecutive reporting

Certifications

CISSPCCSPCISMGIAC