Director Application Security Lifecycle

Full Time
Phoenix, AZ
Overview


Challenge Every Day
 
The Director of Application Security Lifecycle will be responsible for enabling innovation while protecting applications across the AXP Enterprise landscape by growing and leading a team tasked with finding and fixing vulnerabilities, promoting good security practices, and solving classes of security problems through engineering solutions. In addition, the ideal candidate recognizes the importance of building security solutions that scale and move at the speed of DevOps. Automated verification and reporting on risk is a must. The successful candidate should have several years of application development experience in addition to several years as a leader in application security, being able to solve problems directly with code while also leading a team to execute swiftly on large and complex problems. The candidate will be expected to drive results and lead through others.
 
Requirements
  • Provide strong leadership to a team of security engineers and practitioners by establishing clear direction, a productive culture, and measurable goals in pursuit of the overall organizational strategy and roadmap
  • Become an expert in the AXP Enterprise technology stack to understand points of weakness and opportunities for application security solutions
  • Integrate and measure security controls in the SDLC
  • Drive and manage embedded and automated security testing at scale and report on risk across AXP Enterprise applications
  • Collaborate with internal stakeholders and partners on addressing systemic security issues
  • Evaluate and prioritize security activities to ensure timely execution per risk-based approaches and application team needs
  • Evangelize security within the development organization
  • Provide an escalation point for resolving application security testing issues and concerns
  • Recruit, mentor, foster, and grow a talented team of application security experts
  • Continuously review application security tools and services to evaluate efficacy and applicability
  • Assist with architecture risk analysis and threat modeling
  • Provide training to internal teams on application security
  • Ensure successful execution of regulatory and audit responses

Qualifications

  • Bachelor’s Degree in Computer Science or similar field of study; advanced degree preferred
  • Relevant professional certification preferred
  • Five or more years of application security experience in a fast-paced, agile environment
  • Five or more years of software development experience across web, mobile, and API
  • Expert knowledge in building tools and/or processes to reliably identify security issues and business logic flaws (SAST, DAST, IAST, BDD, etc.)
  • Expert knowledge in browser security controls, application security topics such as OWASP Top 10, and authentication infrastructure
  • Knowledge of and experience in application security program frameworks like OWASP SAMM and BSIMM
  • Knowledge of and experience in DevOps methods and principles
  • Strategy development and strong technical leadership experience
  • Track record of innovation, results, and ability to collaborate and affect change across functions
  • Demonstrated management and leadership experience with teams of 10 people or more
  • Proven ability to coordinate with geographically dispersed teams to drive results
  • Ability to communicate complex technical topics and facilitate discussions with business and technology leaders and peers
  • Ability to design, implement, and operate processes and methodologies in a manner that effectively supports business and information security objectives
  • Strong written and verbal communication, interpersonal, presentation, and negotiation skills
  • Demonstrated collaboration skills along with the ability to influence without authority

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


ReqID: 17007915
Schedule (Full-Time/Part-Time): Full-time
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.

US Candidates/Employees: Click here to view the "EEO is the Law" poster and supplement and the Pay Transparency Policy Statement.

If the links do not work, please copy and paste the following URLs in a new browser window: 
http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm and 
http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf



American Express

American Express is a global service company, providing customers with exceptional access to products, insights and experiences that enrich lives and build business success.

Each day, American Express makes it easier, safer and more rewarding for consumers and businesses to purchase the things they need and for merchants to sell their goods and services. An engine of commerce, American Express provides innovative payment, travel and expense management solutions for individuals and businesses of all sizes. Most of all, we help our customers realize their dreams and aspirations through industry-leading benefits, access to unique experiences, business-building insights, and global customer care. We enable our customers to do and achieve more.

Specialties
Financial Services, Business Travel, Corporate Card, Network Services, Merchants Services
Company Industry: Financial Services
Company Type: Public Company
Company Size: 10,001+