Cincinnati Bell Lead Security in Cincinnati, Ohio
August 24, 2018
Are you looking to make significant strategic contributions and receiving the rewards and recognition that you deserve? CBTS is a recognized leader in global IT professional services that delivers the best talent, drives innovations, yields tangible savings and builds sustainable value.
CBTS is currently searching for a Lead Application Security Engineer that will be responsible for creating and managing the process, procedures and tooling of the application security program. This is a leadership, as well as hands-on, role requiring an application security professional who has a solid background in application development and coding experience, combined with an understanding of Information Security and Secure Coding / Secure Software Development principles. As the Application Security program is built, this role will be responsible for driving the build-out of standards and collaborating with the Business Units to implement those standards and tools.
Responsibilities and Duties:
Work in conjunction with the Architecture team to lead the development of the Application Security program for the Enterprise
Provide strong leadership and cross-functional / stakeholder communications
Work with the Architecture team to select and lead deployment of tools as necessary to expand the program. Integrate those into the SDLC for automation and assistance to developers.
Execute the scanning tools. Reviewing results and coordinating with the Application Development teams the tracking and remediation of findings.
Assist the Development teams with code reviews and integrating security into the multiple SDLC processes.
Work with the internal Cyber Threat Team on scheduling penetration tests of critical applications and work with those development teams on remediation of findings.
Work with architecture teams to build, execute, and track a roadmap of Application Security maturity
Build and maintain documentation related to the application security program including the development of, or updates to, new or currently established baselines for secure application development.
Build relationships with the key teams in the enterprise including: application development teams, project management organization, hosting, and information security
Escalate to senior leadership any major concerns with applications in the organization due to security risk. These can be detected through tools, manual or third party testing • Track metrics and the reporting of those metrics to help the organization understand the program success
Evaluate new security trends and technologies
Participate as necessary as a subject matter expert in the incident response program as well as other enterprise wide application programs.
Consulting with Business Unit Application Development teams on best practices • Other duties as assigned.
Qualifications and Skills:
Bachelor’s degree in related discipline with 5 or more years experience
Experience working within a Secure SDLC environment
Experience with application assessment tools (SAST and DAST)
Experience with application security tools (WAF, etc.)
Excellent communication skills and the ability to develop and leverage effective relationships with developers, business leaders, stakeholders, and externally
Strong collaboration, communication, problem solving, documentation, conceptual and analytical skills
Experience with service or program building including metrics and operations
Able to work at high level of autonomy in a dynamic environment
Experience with DevOps, Agile SDLC processes
Experience working in a complex, distributed enterprise environment
Ability to prioritize and manage work to critical project timelines in a fast-paced environment
Strong sense of personal accountability
Ability to learn and apply new technologies quickly and self-directed
Cincinnati Bell Technology Solutions provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws