
Posted: Friday, January 26, 2018 1:47 PM

The company operates within the Insurance industry.

• Lead the Application Security function and the enterprise application security framework development, compliance, strategy and governance for the CISO Organization (2nd line of defense), which services all business units and corporate groups across NYL.
• Leads 2nd line software security consulting efforts to support various NYL application development teams, including application security reviews, requirements, threat modeling, analysis of software vulnerabilities, remediation prioritization, and other key 2nd line software security program deliverables.
• Supports the oversight of software security testing and vulnerability remediation for new, legacy, hosted/SaaS and COTS platforms across the NYL environment.
• Supports the review of 3rd party software that NYL may acquire.
• Helps to set requirements that drive the engineering, analysis and performance of application security technologies, as well as reviewing the output of these systems and processes.
• Lead the development of security policy and standards that affect application security across the enterprise.
• Manages the delivery of software security policy and standards that affect the lifecycle of coding practices, testing methodologies and other key software security related practices.
• Provides guidance to the evaluation and development of emerging application protection technologies at New York Life.
• Consulted on Technology Security engineering deliverables as part of coordination and delivery of application penetration testing, architecture and design review decisions for assigned areas of expertise, contributing an expert understanding of vulnerable conditions and remediation prioritization approaches.
• Provides education and coaching to less experienced staff to encourage quality and consistent approaches with regard to application security.
• Maintains contemporary knowledge of current and future application security technologies, concepts and architectures.
• Experience in the development/maintenance of software security programs, policy, standards and process.
• Versed in software security design (Waterfall, Agile, etc.) and testing methodologies (SAST, DAST, IAST, RASP, SCA, Pen Testing), as well as familiarity with any of the following products: HP Fortify, VeraCode, Prevoty, IBM AppScan, Contrast Security, WhiteHat Security, Seeker, Coverity, Protecode, SecureAssist, etc.
• Some experience with one or more general purpose programming languages including but not limited to: Java, C/C++, C#, Objective C, Python, JavaScript, Assembler, Cobol or Go.
• Experienced with performing root cause analysis, risk identification, and risk mitigation.
• Experience understanding the areas of application architecture and software design, SDLC operations and secure software engineering.
• Interpersonal skills including the ability to collaborate effectively, and excellent written and oral communications.
• Some hands-on experience with software engineering and software lifecycle management.
• Knowledge of common problem resolution activities for enterprise grade applications.

Additional preferred experience:

• Experience with the cloud (AWS, Azure, RackSpace, etc.), DevOps, CI/CD Pipeline Development, and Ethical Hacking.


• Location: New Jersey

• Post ID: 156650967