Director, Application Security and Testing CoE

As the Director of Application Security and Testing Center of Excellence, you will be responsible for leading a team of application security engineers in evaluating the secure coding of Cox Communications' custom and third-party software, executing automated static and dynamic application security testing, and managing and ensuring compliance with web application firewall policies. You will also lead the Testing Center of Excellence, which coordinates and performs manual penetration tests for web applications, mobile applications, and hardware devices.
You will implement and evolve the Application Security strategy based on ever-changing cyber threats. Your organization will use their deep knowledge of secure coding to ensure security controls are applied throughout the software development lifecycle. Operational activities will include managing automated SAST, SCA and DAST testing processes, coordinating manual penetration testing of applications and devices by third-party providers, partnering with development teams to ensure remediation of findings, and managing the responsible disclosure process for the reporting of vulnerabilities.
You will report to the Senior Director of Vulnerability Management, Application Security, and Controls Monitoring at Cox Communications.
PRIMARY RESPONSIBILITIES AND ESSENTIAL FUNCTIONS:

• Lead an application security team that implements and enforces secure coding guidelines, application vulnerability identification, and risk mitigation throughout the software development lifecycle.
• Manage and drive compliance with web application firewall requirements that protect public-facing product and enterprise websites.
• Manage and drive compliance with secure coding requirements.
• Oversee the Testing Center of Excellence, which coordinates and executes manual penetration tests of web applications, mobile applications, and hardware devices in partnership with third-party providers.
• Oversee project delivery including financials, milestones, deliverables, and internal and 3rd party labor.
• Manage the security researcher responsible disclosure process for reporting vulnerabilities in our public-facing websites.
• Ensure the smooth operation of automated testing processes.
• Identify and implement enhancements to existing processes.
• Build positive relationships with development teams and their leaders and support them in remediation of findings.
• Manage and coordinate Cybersecurity engagement, processes and policy implementation across the organization.
• Lead and contribute during security events and incident response as necessary and identify improvements to prevent them from reoccurring.
• Update strategies based on emerging security trends, threats, and technologies, and recommend appropriate solutions and enhancements.
• Collaborate with cybersecurity peers to incorporate vulnerability management, governance, risk and compliance, cyber defense, continuous controls monitoring, and identity governance into cybersecurity standards as a cohesive cybersecurity organization.

QUALIFICATIONS AND EXPERIENCE:
Minimum

• Bachelor's degree in a related discipline and 10 years' experience in a related field. The right candidate could also have a different combination, such as a master's degree and 8 years' experience; a Ph.D. and 5 years' experience in a related field; or 22 years' experience in a related field.
• At least 8 years focused on cybersecurity.
• 5+ years in a people leader role directing and reviewing people's performance.
• Must have practical expertise in some of the following areas: static source code analysis, manual and automated dynamic analysis, secrets management, web application firewall, and API security.
• Must be able to read and understand common coding languages such as Python, C#, Go, PHP, Java, or JavaScript (Node, Vanilla JS, or React).
• Clearly articulate the objective of specific cybersecurity policies and procedures to technical and non-technical stakeholders at multiple levels.
• Able to make decisions, supervise complex programs, and set priorities for highly skilled individual contributors.
• Excellent customer service, writing, and executive presentation skills.
• Develop a strong and productive working environment with key stakeholders and collaborate closely with other Cox entities' cybersecurity teams to implement cybersecurity best practices.
• Consultative nature to work through controversial or complex topics to employees, leaders, and/or senior leadership.
• Evaluate risks and recommend actions based on impact and likelihood of the risk to the business.
• Knowledge of current cybersecurity and technology architectures such as zero trust, IaaS, PaaS, SaaS, virtualization, and containerization.
• Creatively solving complex cybersecurity challenges while exhibiting solid, pragmatic business acumen.
• Experience utilizing Agile methodologies and DevSecOps.
• Initiating change and deploying solutions in Fortune 1000 companies.
• Knowledge of cybersecurity frameworks (e.g., ISO 27000, NIST) and industry relevant regulations that will guide architectural requirements (e.g., PCI, GLBA).

Preferred

• Direct experience in application development.
• Direct experience performing application penetration testing.
• Experience with cloud infrastructure (AWS, GCP, or Azure) and services and on-premises infrastructure.
• Experience in the development and design of cybersecurity standard methodologies to all layers of the hosting and application stack in both cloud and on-premises environments.
• Relevant experience with network security and software-defined networking across a variety of environments and deployments.
• Knowledge of Identity and Access Management (IAM), cryptography / key management, secrets management, access controls and security protocols (e.g., multi-factor, SAML, OAuth, OIDC).
• Experience with firewalls, web application firewalls, and other edge services as well as deep understanding of DMZ and other network architectures.
• Experience in national critical infrastructure industries (telecommunications, financial services, defense, government, etc.).
• Big four consulting or Fortune 500 company experience.
• Relevant industry certification (e.g., CISSP, CEH, OSCP, Azure, AWS, CISM, CISA).

USD 159,400.00 - 265,600.00
Compensation:
Compensation includes a base salary of $159,400.00 - $265,600.00. The base salary may vary within the anticipated base pay range based on factors such as the ultimate location of the position and the selected candidate's knowledge, skills, and abilities. Position may be eligible for additional compensation that may include an incentive program.
Benefits:
The Company offers eligible employees the flexibility to take as much vacation with pay as they deem consistent with their duties, the company's needs, and its obligations; seven paid holidays throughout the calendar year; and up to 160 hours of paid wellness annually for their own wellness or that of family members. Employees are also eligible for additional paid time off in the form of bereavement leave, time off to vote, jury duty leave, volunteer time off, military leave, and parental leave.
Applicants must currently be authorized to work in the United States for any employer without current or future sponsorship.