R3512 Senior Manager
Are you a highly skilled Security professional that has a passion for Application Security in a DevOps world? Bring your proficiency to help us craft our IT Security program, next gen. Work closely with our Application Development teams to provide secure applications and foster DevSecOps theory and processes; aligning the overall security model with business goals and ongoing operations. You bring to this position a high-level of security expertise, a deep understanding of modern development languages and cloud platforms. You have a consistent record for driving product security initiatives and experience delivering software security at scale. You'll lead application security testing (SAST, DAST, and RASP), penetration testing, web application firewall management, and red teaming. Help us re-think what it means to be a secure insurance provider in a fast-changing, highly fierce market.
Your day could include and experience we would like to see :
You will mentor, guide, lead and direct the maturity of the application security team responsible for an enterprise program
You will guide the integration of secure development standards, tools, and processes into the development lifecycle
You'll support the development and implementation of a threat modeling framework, secure frameworks and libraries
You will support development design reviews and other InfoSec processes as application security expertise is required
You will provide domain expertise for maturing of an enterprise secure code training program for developers and other critical partners
You'll produce relevant application security metrics that demonstrate a continually improving application security posture
You will be a hands-on technical manager, leading a team that develops and supports application security services consumed by product teams
This position will utilize your technical expertise to deliver the next generation of software-defined security services and tools while integrating into product development processes
Education, Certifications and nice to have:
7 or more years of Information Technology and Security experience
You have broad knowledge of IT Security technologies, process, techniques and a solid understanding of application security leading practices, including OWASP and CWE.
Considerable experience in code reviews, business logic assessment, and testing
Experience deploying cybersecurity solutions in a public cloud environment (IaaS, PaaS, SaaS)
Familiar with application security tools like BurpSuite Pro, SAST, DAST, RASP, nmap, Metasploit, and Kali Linux, etc.
Experience in 3rd-party testing tools such as Fortify, Veracode, WhiteHat, etc., is preferred
Experience in secure coding and software development in various languages (C#,. NET, Java etc.)
You have recent experience with Agile development/Scrum teams, and enthusiastically incorporate security stories/requirements into SDLC (CI/CD) with product owners/managers
You have deep knowledge of software, application design and architecture
You have substantial knowledge of TCP/IP, DNS, HTTP, HTTPS, VPN, SQL and other database technologies
CISSP, CEH, GWAPT, or OSCP certifications are highly desired
Bachelor's degree (in Information Technology or a related discipline) or equivalent experience
CSAA Insurance Group offers many benefits, including:
Comprehensive health care plans, including medical, dental, vision, and tax-deferred spending accounts.
Employee assistance, healthy pregnancy and wellness programs.
Paid time off, plus nine paid holidays and 24 hours of volunteer time off.
401(k) plus company matching up to 6% and a cash balance pension program.
Paid training, tuition reimbursement, self-service training and career development opportunities.
Be part of a community that works:
At CSAA Insurance Group, we take pride in our values-based culture. Helping our employees have enriched lives and satisfying careers is how we work. Our employees appreciate the integrity and inclusion that is evident throughout our everyday interactions. We respect the diverse range of perspectives, backgrounds and cultures of our teams, and join together when it comes to helping our members, community or one another.
Headquartered in Walnut Creek, California, our community also works in Arizona, Colorado, Nevada, New Jersey and Oklahoma. Learn more about us at CSAA-Insurance.aaa.com/careers
Please submit your application to be considered. We communicate via email, so check your inbox to ensure you don't miss important updates from us.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Must have authorization to work indefinitely in the US
Csaa Insurance Group