Application Defense Manager in Dallas, TX at Vaco

Date Posted: 5/10/2018

Job Description

The person in this role will be a security-focused PM/BA. Our client is currently running 1300 security applications and penetration testing each of them yearly. They have outsourced this to 4 outside vendors.
You will be the intermediary that interacts with those vendors, handling performance, KPIs, and timeframe of deliverables. You will monitor and report progress, problems and solutions in a timely manner.
You will follow through to ensure dollars and time estimates are realized within planned limits. Communicate to management and business sponsors the status of projects and issues as they relate to the testing process.
You will provide clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.

Application Defense Manager

Primary Responsibilities:

  • Lead a team responsible for conducting internal and external penetration testing and automated web application security testing.
  • Evolve the delivery model for the Application penetration testing service, including roles and responsibilities, remediation plans, rollout of best practices, etc.
  • Hire, manage, and develop a staff of application penetration testers by providing direction, establishing clear and measurable objectives, managing performance, training and coaching.
  • Develop and maintain KPIs to help project resource requirements, and forecast sub-contractor usage.
  • Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
  • Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
  • Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
  • Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
  • In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
  • Create and support KPIs and KRIs that measure risk reduction and progress over time.
  • Builds a high-performance team.
  • Develops and mentors staff to achieve career goals and maintain leadership succession planning.

Qualifications:

  • Bachelor's degree in related field (Business, Information Services, IT, Information Security, etc.); Master's preferred.
  • 10 years of hands-on Application Penetration testing experience with at least 4 years in managing and leading a team of penetration testers.
  • Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
  • Expert knowledge of existing and emerging threats, web security principles and attack vectors.
  • Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
  • Experience with programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
  • Knowledge of Web Frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc. and APIs (JSON/REST/SOAP).
  • Understanding of APIs (JSON/REST/SOAP).
  • An aptitude for technical writing, including assessment reports, presentations and operating procedures.
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
  • Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired
