Director of Application Security (US Remote)

United States

Experian

Experian is committed to helping you protect, understand, and improve your credit. Start with your free Experian credit report and FICO® score.

Company Description

Ready to make a difference? Experian has evolved into a global tech company and leader in data and analytics. We’re passionate about unlocking the power of data in order to transform lives and create opportunities for consumers, businesses and society. We’re a constituent of the FTSE 30 and for more than 125 years we’ve helped economies and communities flourish – and we’re not done.

Discover the Unexpected - Our 22k amazing employees in 30+ countries believe the possibilities for you, and the world, are growing. We’re investing in the future, through new technologies, talented people and innovation so we can help create a better tomorrow. To do this we employ ‘big-thinkers’ and ‘can-doers’ that share our purpose #uniquelyexperian

Job Description

The Director of Application Security is responsible for the direction and delivery of application security services, enabling the business to improve the security of applications being developed at Experian, assisting them in understanding principles of secure coding, and helping them investigate and remediate security findings in their applications. You will ensure that the requirements of security as per the Software Security Policy are met for new applications and for Experian’s legacy estate, with security flaws and issues managed effectively throughout all stages of an application development life cycle. 

This role will engage with the business community to support forward momentum, ensuring that secure coding principles are applied in application development and that code flaws are detected as early as possible in the life cycle, delivering at speed to our clients.

This role will report to the VP of Cloud and Application Attack Surface Management (CAASM).

What you'll be doing

  • Work with the VP CAASM and peers to provide effective strategies for Application Security, including static scanning (SAST), dynamic scanning (DAST), Software Composition Analysis (SCA), and Penetration Testing 
  • Engage with business leadership (CTOs and CIOs) to ensure strategy is understood, agreed upon, and implemented across all Experian Regions
  • Collaborate directly with engineering leaders to integrate security into the product development lifecycle
  • Provide strategic guidance for SDLC and product delivery, including: 
    • Security design and architecture 
    • Secure coding standards 
    • Security testing and remediation 
    • Application threat modeling
    • DevOps and DevSecOps integration (CI/CD) security 
    • Automated product security testing 
    • Container security testing 
  • Disseminate security policies, standards, processes, and guidance on newly identified security threats and vulnerabilities 
  • Ensure that vendors provide the best possible service
  • Lead security assessments and audits 
  • Develop and mentor a high-performing team, setting clear objectives and fostering a culture of innovation
  • Drive continuous process improvement activities
  • Stay abreast of emerging security threats, technologies, and best practices, adjusting strategies accordingly

Qualifications

What your background looks like

  • 8+ years of direct experience in application security, with a proven track record of leadership in designing, implementing, and managing security programs for cloud-based platforms at large product companies
  • 5+ years of managerial experience
  • Deep technical expertise across multiple technical domains, including cloud computing, security, and identity and access management
  • Previous experience with automated workflows in CI/CD, DevOps, or DevSecOps environments 
  • Previous experience using tools enabling automated workflows, such as Jenkins, Gitlab, TFS, Github, etc. 
  • Experience with modern delivery methodologies, including Agile and DevSecOps 
  • Experience in both designing and securing solutions in a complex and regulated enterprise environment
  • Deep understanding of cloud computing technologies and security principles, particularly in AWS, Azure, or GCP environments 
  • Strong technical background in security architecture and application security
  • Proven experience in overseeing the linking of cross-functional applications between disparate business units and systems
  • Experience with business and technical requirements, analysis, business process modeling/mapping, methodology development, and data mapping
  • Strong background in risk management methodologies as they relate to integration/software testing
  • Project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc. 
  • Experience leading teams focused on Application Security, including application scanning, manual pen testing, threat modeling, offensive security, and software security architecture 
  • Outstanding writing and documentation skills
  • Able to communicate ideas in both technical and user-friendly language
  • Knowledge of applicable data privacy practices and laws
  • Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years of equivalent work experience
  • Professional certifications such as CISSP, CCSP or CCSK, Cloud Platform and Infrastructure are a plus
  • Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS 
  • Willing to travel globally as required

Perks

  • 20 days of vacation accrued annually, five sick days, and two volunteer days (plus twelve paid holidays)
  • Competitive pay and comprehensive benefits package, with a bonus target of 20%
  • This role can be 100% remote long-term or you can work out of one of our offices
  • People-focused culture where personal and professional growth is prioritized
  • Recognition and celebration of performance and achievements
  • Power to bring your whole self to work – where your differences and values will be respected and celebrated
  • Employee Resource Groups set up and run by employees, for employees. These networks build, celebrate, and further understanding of the diverse identity and experiences within Experian, in support of our commitment to diversity and inclusion. 
  • International network of peers; mentorship programs

Additional Information

All your information will be kept confidential according to EEO guidelines.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Our goal is to create a thriving, inclusive and diverse team where people love their work and love working together. We believe that diversity, equity and inclusion are essential to our purpose of creating a better tomorrow. We value the uniqueness of every individual and want you to bring your whole, authentic self to work. For us, this is The Power of YOU and it reflects what we believe. See our DEI work in action!

Please contact us at JobPostingInquiry@experian.com to request the salary range of this position (please include the exact Job Title as it reads above in your email). In addition to a competitive base salary and variable pay opportunity, Experian offers a comprehensive benefits package including health, life and disability insurance, generous paid time off including 12 company paid holidays and parental and family care leave, an employee stock purchase plan and a 401(k) plan with a company match.

Experian Careers - Creating a better tomorrow together

Find out what it's like to work for Experian by clicking here


Tags: Agile Analytics Application security Audits AWS Azure CCSK CCSP CI/CD CISSP Cloud Computer Science DAST DevOps DevSecOps GCP GitHub GitLab HIPAA HITRUST IAM ISO 27001 Jenkins NIST NIST 800-53 Offensive security OWASP Pentesting Privacy Product security Risk management SAST SDLC Security assessment Strategy Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Flex vacation Health care Insurance Parental leave Salary bonus Startup environment

Regions: Remote/Anywhere North America
Country: United States
