Principal Security Specialist - Application Security

Sage Group Atlanta, GA 30301

Posted 7 months ago

Job Title: Principal Security Specialist - Application Security

Advert

Sage is a global company with a local heart. The market leader for cloud-based accounting, financials, enterprise management, people, and payroll software, we empower the world's business heroes, from single-person startups to large enterprises. Our people are passionate and positive. We inspire our colleagues to serve business builders everywhere and champion their success. As a FTSE 100 company with 14,000 colleagues across 24 countries, we do business the right way, while giving back to our local communities through the Sage Foundation. Be Sage, build on.

EOE AA/M/F/Vet/Disability

Sage Software is an Equal Opportunity Employer. We comply with the laws set forth in the Equal Employment Opportunity in The Law poster:

Sage is committed to Equal Employment Opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. If you are interested in applying for employment and need special assistance or an accommodation to use our website to apply for a position, please contact us at We evaluate requests for reasonable accommodation on a case-by-case basis.

Job Description

OVERVIEW:

Every day, Sage customers entrust us with their precious business data. As we accelerate the global expansion of our cloud products, it becomes more and more vital that we do the right things to justify our customers' trust in us by surrounding our products with world class information security. As part of our Application Security team, you will be part of a team with global reach and a great reputation, that works tirelessly to keep our customers' data safe and secure.

We need a passionate and curious colleague to ensure that we continue to grow our capability in security. You will be based in our Frankfurt office and be part of our team there, but you will also collaborate with colleagues around the world to lead and accelerate our security journey. We can offer a great environment with flexible working patterns and benefits.

As a team we champion the security of our customers' data across the entire product lifecycle, from development to launch and throughout the operational life of the product. We value flexibility and understand the value that diverse points of view can bring, so if any of these sound like you we would love to hear from you:

  • You love to crunch ideas with software architects and designers using threat modelling or similar techniques to build defence in depth and build systems that are secure by design.

  • You feel very comfortable with code and can talk to developers in their own language to help them grow their security expertise and develop software that our customers can trust.

  • You enjoy seeking out vulnerabilities and security flaws and then sitting down alongside development teams to help them figure how to fix them now and how to avoid the same mistakes in the future.

  • You have seen the power and agility that a DevOps approach can bring and understand how DevOps and security can come together to build secure software, faster.

Whatever your technical profile, we put equal value on influencing and communication skills. You will be mentoring and coaching individuals and teams to help them build security in from the ground up. We will need you to do this in an agile way that embraces everything the most modern public cloud platforms have to offer. We are not your stereotypical "preventers of information services".


To drive improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations, covering major strategic customer-facing products and internally developed colleague-facing applications. To work with security champions to develop a strong security culture and capability and to evolve the security champions program as a whole. To ensure that new product/system releases are secure and that vulnerabilities discovered in live products and systems are quickly and effectively addressed.

Key Responsibilities

Key accountability and decision ownership:

  • Working with Security Champions to develop a strong security capability in teams and improving the effectiveness of the overall Security Champion program

  • Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern DevSecOps approach

  • Acts as the main point of contact on security issues for Product Delivery and EAD teams on major strategic groups of products/systems

  • Assessing major strategic groups of Sage products, application or systems to identify security weaknesses and creating improvement plans where required

  • Supporting security compliance as it relates to assigned products

  • Identifies the need for new tools and vendors and leads their evaluation

  • Drives significant improvement in key processes/standards and designs and implements new processes/standards

  • Contributes to performance evaluation and technical mentoring of junior team members

  • Provides technical security leadership for significant projects or workstreams

  • Active contributor to relevant industry bodies, conferences, open source projects etc.

Skills, know-how and experience:

  • Significant experience in implementing security in the software development lifecycle

  • Experience in implementing security in public cloud based SaaS applications

  • Proficiency in English written and verbal

  • Experience of working with geographically dispersed teams

  • Experience working in an agile, DevOps/DevSecOps environment


  • Experience in security operations

  • Experience of formal compliance frameworks (e.g. SOC, ISO27001, PCI or similar)

Technical / professional qualifications:


  • Relevant professional security qualification such as CISSP, CSSLP or similar

  • Relevant degree and >8 years commercial experience

Function: Global Information Security

Country: United States

Office Location: Atlanta

Location Region


Similar Jobs

Application Security (Appsec) Lead Specialist


Posted 5 days ago

Known for being a great place to work and build a career, KPMG provides audit, tax and advisory services for organizations in today's most important industries. Our growth is driven by delivering real results for our clients. It's also enabled by our culture, which encourages individual development, embraces an inclusive environment, rewards innovative excellence and supports our communities. With qualities like those, it's no wonder we're consistently ranked among the best companies to work for by Fortune Magazine, Consulting Magazine, Working Mother Magazine, Diversity Inc. and others. If you're as passionate about your future as we are, join our team. KPMG is currently seeking an Application Security (AppSec) Lead Specialist to join our Advisory Services practice.

Responsibilities:

  • Provide technical leadership in the assessment, design and implementation of application security

  • Improve and manage the application security program and the company wide secure development standards

  • Conduct code reviews and static & dynamic code analysis

  • Effectively delivers technical debriefs to stakeholders including technical staff, stakeholders and leaders

  • Perform and oversee application and mobile security vulnerability assessments and penetration testing and provide vulnerability remediation guidance

  • Develops scripts, tools, methodologies and best practices to improve team capabilities while articulating business risks of technical vulnerabilities to client personnel; Scope prospective engagements and developing proposals; Identify and communicate findings to client personnel

Qualifications:

  • Minimum five years of experience in Information Security in the areas of application security, security engineering, or cloud security

  • Bachelor's degree from an accredited college/university or equivalent professional experience

  • Understanding of Software Development Life Cycle (SDLC) and DevOps processes; Strong understanding of common application vulnerabilities, including OWASP Top 10

  • Demonstrated experience with enterprise application development in one or more of the common development platforms: Python, Java/J2EE, .Net/C#, C/C++, Python, PHP

  • Prior working knowledge of security testing practices & tools (Fortify, BurpSuite, Contrast Security, Checkmarx, etc.); common application security testing techniques (SAST, DAST, IAST); Knowledge of networking and system level concepts such as web application architecture, REST APIs, SOAP, jQuery, AJAX; CISSP, OSCP, GWAPT, GPEN GXPN certifications; Strong knowledge of Waterfall, Agile methodologies and continuous integration

  • Experience writing enterprise security standards, policies and coding guidelines; knowledge of secure coding practices, success with application security design and architecture; experience in application security vulnerability assessments and penetration testing

KPMG LLP (the U.S. member firm of KPMG International) offers a comprehensive compensation and benefits package. KPMG is an affirmative action-equal opportunity employer. KPMG complies with all applicable federal, state and local laws regarding recruitment and hiring. All qualified applicants are considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable federal, state or local laws. The attached link contains further information regarding the firm's compliance with federal, state and local recruitment and hiring laws. No phone calls or agencies please.

Kpmg Atlanta GA
