Location: Arlington, VA

Job ID: 5881


Capital TechSearch is seeking a Vice President of Product Security. You will be responsible for the strategy, planning, development, and day-to-day operations of the global product and application security program (PSP) and the secure design, engineering, and maintenance of external and internal-facing technologies, both open source and proprietary.


In the VP role, you will grow a best-in-class team of direct-hire employees and third-party specialists who will develop secure SDLC policies, standards, and guidelines, and drive adoption of new secure application and cloud architectural designs to create groundbreaking, secure applications. You will regularly collaborate with the business heads and the wider security and engineering organizations to address security and compliance challenges and engage in a variety of security-related projects and initiatives.


Responsibilities:

  • Grow and manage the global Product Security Team (PST) to develop and drive programmatic efforts to address external, internal, and emerging application security risks throughout the organization.
  • Serve as the company's Secure Development Lifecycle (SDLC) leader, leading the overall PSP program strategy, developing key policies and standards, and advising company leadership and stakeholders on related subject matter.
  • Develop key partnerships with engineering leadership across the company and work to improve knowledge, skills, and abilities within their staff to facilitate positive change in secure coding and engineering.
  • In a primarily Agile and DevOps environment, develop and deliver application security strategy, including but not limited to the operating model, staffing, training, and execution plans.
  • Working with the application teams, initially in Virginia and Hong Kong, ensure that product security risks are effectively identified and appropriately addressed while maintaining a balance across agility, speed to market, security and usability.
  • Develop and facilitate a product vulnerability management program, including internal coordination and triage of security-related vulnerabilities, and management of external vulnerability management programs and bug sources.
  • Act as an application security evangelist who can translate security concepts into language that is meaningful to varying audiences, including business and technical leaders.
  • Integrate new and existing security tools, standards, and processes into the development life cycle, including automated static and dynamic analysis, manual code review, fuzzing, and open source testing tools.
  • Produce metrics reporting the state of application security programs and performance of development teams against requirements.
  • Working with key engineering stakeholders and team members, assess the current application security environment against regulatory and industry requirements to identify areas of noncompliance and gaps to be remediated for all application security requirements, including GDPR and other global financial services and sovereign regulations and industry standards.
  • Conduct program / business unit level security architecture assessments to evaluate existing security program and cloud application architecture, identify weaknesses and make recommendations.
  • Conduct threat modeling to assess security threats and risks in order to define and implement appropriate architectural security.
  • Develop security architecture standards, frameworks and design patterns spanning all layers of security from host, server, mobile, and network to application and data security.
  • Stay current with security technologies such as cloud platform security, DevOps security, identity and access products, endpoint security products, network security technology and mobile security technologies, and make recommendations for engineering teams.
  • Evaluate and engage with best-in-class third-party vendors and specialists as required.

Experience and Qualifications:

  • 5+ years of experience with security including architecture or security engineering, user, platform and device authentication, and various levels of access controls and authorization, enterprise directories and their integration with other systems in a large, complex environment
  • MS Degree in Computer Science, Engineering or a related technical discipline and / or at least 10+ years of related security engineering, R&D leadership, and software engineering experience
  • Experience with application security technologies such as code scanning, FOSS, vulnerability analysis, and security for automated deployments
  • Demonstrated knowledge of infrastructure security, including Windows, Unix/Linux, desktop/laptop, and mobile security, as well as knowledge on cryptography and PKI
  • Demonstrated ability to think strategically about business, product, and technical challenges
  • Experience with a wide range of IT system components including architecture, authentication, connectivity, system hardware and software components, virtualization, cloud computing, and mobile
  • Knowledge of application security, including Web Services, as well as Agile and DevOps, mobile security and mobile development
  • Proven understanding of security for structured databases and unstructured data
  • Experience with enterprise class security products such as Identity Management and Single-Sign-On
  • Experience with cloud technologies like Amazon Web Services, GCP, Azure, etc.
  • Proven ability to work with compliance frameworks and requirements such as GDPR, SOX, FFIEC etc.
  • Demonstrated knowledge of threat modeling frameworks, threat and vulnerability management approaches, and security monitoring and analytics
  • Ability to manage 3rd party vendors and contractors
  • Experience with authoring secure SDLC guidance, including policies, strategies, and whitepapers
  • Prior work experience in financial services or social media / real-time operations environments.
  • Ability to work in a fast-paced, high-tech environment, juggling multiple priorities while meeting deadlines.
  • Must be committed to a culture of continuous improvement and continuous delivery.
  • Exceptional customer service skills, in addition to extensive experience working in a team-oriented, collaborative environment.
  • Strong communication, influencing and presentation skills.
  • Ability to maintain a positive attitude in high-pressure situations and manage distributed teams with competing priorities and tight deadlines.


To be immediately and seriously considered for this exceptional opportunity please apply below. Your responses will be held in the strictest confidence.

Please call our office if you have any questions. Capital TechSearch, Inc. is an Equal Opportunity Employer.

