Senior Application Security Manager

Remote

Applications have closed

SmartBear

Testing and Development teams around the world use SmartBear's automation, development and monitoring tools to build better software and applications.

At SmartBear, we deliver the complete visibility developers need to make each release better than the last. Our award-winning and industry-favorite tools are trusted by over 16 million developers, testers, and software engineers at 32,000+ organizations – including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft.

About the role:

The Senior Application Security Manager is responsible for providing technical and operational expertise in information security systems, principles, and practices. As a Senior Application Security Manager, you will play a key role in the evolution of the security architecture and solutions in support of current and new products in cloud-based, on-premises and desktop SmartBear solutions.

The incumbent contributes to improving the security culture by providing a security perspective on ongoing software development. You will build and lead a team of application security professionals and foster a sense of community, urgency, and engagement amongst your team.

This position requires strong technical knowledge, skills and expertise in Information Security as well as experience in software development.

Responsibilities:

  • Participates in product security architecture planning for on-premises, cloud-based and desktop solutions
  • Provides actionable advice to development teams and acts as an Information Security subject matter expert on product development matters
  • Conducts product security threat and risk assessments for all software products on a regular basis
  • Interprets risk assessment results for applicability to IMS source code and deployed solutions
  • Works with product & development managers for the assessment and prioritization of security related tasks in the development backlog
  • Participates in the Security response team as needed related to code-level software vulnerabilities
  • Improves the adoption of security best practices in testing, automation, and continuous integration pipelines
  • Broadens developer awareness of secure software development best practices
  • Leads the design and implementation of succession planning and key talent review processes across Ring, partnering with stakeholders to execute talent success and professional career development plans and programs
  • Designs and develops enterprise-level talent processes to support business strategy

 

We are looking for someone who has (Qualifications):

  • Undergraduate degree in Computer Science or Engineering or equivalent experience required.
  • 4-5 years of pertinent experience in software development and a minimum of 2 of those years of experience with a focus on Information Security.
  • Strong knowledge of techniques, standards and capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
  • Strong knowledge of information security from a strategic and tactical point of view.
  • Experience developing software in Java, C#, C++, C, Python or Go.
  • Excellent understanding of software applications and coding practices.
  • Solid understanding of network architectures and protocols, operating systems, and core infrastructure security concepts and concerns.
  • Preference will be given to people with experience in AWS, Azure or Google cloud security.
  • Preferred experience in leading a team, with a focus on delegating workload.

Expectations

  • Provide security guidance to Engineering and Product teams
  • Build threat models and conduct risk assessments for new features and services
  • Build libraries and tools to make software at SmartBear secure by default
  • Perform design and code reviews (lots of them!)
  • Identify, triage, resolve, and manage security vulnerabilities identified in SmartBear products by a variety of means, including client input, the bug bounty program, self-identification, and automated SAST and DAST tools from major appsec vendors
  • Make security an integral part of our CI/CD pipeline
  • Champion security at SmartBear
  • Build a team with diverse experiences and abilities, with the ability to recruit new members, mentor less-experienced members and ensure the team is engaged and excited to work at SmartBear!
  • Strong understanding of Web application security, including hands-on exploitation skills
  • Familiarity with secure development practices and security testing techniques (SAST, DAST, fuzzing, etc.)
  • Ability to explain complex security issues and their impact to diverse audiences

Why you should join the SmartBear crew

  • You can grow your career at every level.
  • We invest in your success as well as the spaces where our teams come together to work, collaborate, and have fun.
  • We love celebrating our SmartBears; we even encourage our crew to take their birthdays off.
  • We are guided by a People and Culture organization - an important distinction for us. We think about our team holistically – the whole person. 
  • We celebrate our differences in experiences, viewpoints, and identities because we know it leads to better outcomes. 

Did you know

  • Our main goal at SmartBear is to make our technology-driven world a better place.
  • SmartBear is committed to ethical corporate practices and social responsibility, promoting good in all the communities we serve.
  • SmartBear is headquartered in Somerville, MA, with offices across the world including Galway, Ireland; Bath, UK; Wroclaw, Poland; and Bangalore, India.
  • We’ve won major industry (product and company) awards including B2B Innovators Award, Content Marketing Association, IntellyX Digital Innovator and BuiltIn Best Places to Work.

 

SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.
