Application Security Manager


Premium Job From Sage

Recruiter: Sage

Listed on: 6th April 2021

Location: Newcastle

Salary/Rate: Competitive

Salary Notes: Competitive

Type: Permanent

Start Date: ASAP


People make Sage great. From our colleagues delivering ground-breaking solutions to the customers who use them: people have helped us grow for more than thirty years, and people are driving our future as a great SaaS company. We're writing our next chapter. Be part of it!

Experience has taught us that when our customers thrive, we thrive. As a team, we always start with what customers need. Through the good... and more challenging times. Innovating at pace so customers can manage their finances, operations and people. Every one of us shapes our culture at Sage - doing what's right and succeeding together, united by our commitment to each other. We encourage each other to grow in our roles, in our careers and as individuals.

Follow us on our social media sites below to join in conversations about career tips, open positions and company news! #lifeatsage #sagecareers.

All qualified applicants will be thoughtfully considered and never discriminated against based on their race, color, age, religion, sexual orientation, gender identity, national origin, disability or veteran status.

To lead Senior and Junior Application Security roles and work alongside the Global Application Security Team.

The Application Security Manager is accountable for all aspects of application security across Sage covering web, desktop and mobile applications. The role will support the Director - Application Security in coordinating improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations.

The role combines leadership including the management of the Security Champions programme, Bug Bounty and Developer Security training as well as technical application security activities related to validating the security of existing and new products and services and enabling the Application Security team and Security Champions to quickly and effectively address vulnerabilities discovered in Sage products and systems.

The ultimate goal is to drive continual improvement in the security of our products, systems and behaviours and ensure colleague and customer success.

Key accountabilities and decision ownership:
      Providing leadership to the Sage Application Security Team members, ensuring high levels of engagement, alignment to Sage goals and effective personal development
      Ensuring the Application Security Team aligns with recognised industry standards, levels of competence and emerging threats, vulnerabilities and techniques
      Planning and managing Application Security Team workload focusing on Sage priorities and coordinating a roadmap of activities in sync with the other Security teams and Security Champions
      Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern and innovative DevSecOps approach
      Working with Application Security team and Lead Security Champions on improving the effectiveness of the overall Security Champion program
      Managing and evolving Sage's Bug Bounty program in support of the Offensive Security team
      Supporting the Application Security team's analysis of vulnerabilities and other findings to identify systemic weaknesses and drive continual improvement in products, systems and behaviours
      Publishing blogs/articles and representing Sage at external events to establish us as a recognised centre of excellence for security
      Supporting security compliance as it relates to assigned products as part of our Information Security Management System, aligned to ISO27001
      Providing technical security leadership for significant projects or workstreams

Skills, know-how and experience:
Must have:
      Strong/advanced knowledge of security concepts and how to apply that knowledge to identifying, containing, and resolving application security vulnerabilities
      Good verbal and written communication skills
      Experience in building and leading an application security team and initiative
      Experience of working with geographically dispersed teams
      Experience working in an agile, DevOps/DevSecOps environment

Preferred:
      Working knowledge of static code analysis and dynamic analysis testing tools
      Experience in ISO27001, PCI or similar standards
      Supplier management and negotiation experience

Technical / professional qualifications:
      CSSLP, OSCP, CREST or similar
