Director of Application Security

at Pegasystems, Inc. in Dover, Delaware, United States

Job Description


Job Category: Engineering & Cloud

Location: US – New York – Remote | US – Connecticut – Remote | US – New Jersey – Remote | US – New Hampshire – Remote | US – Florida – Remote | US – Georgia – Remote | US – North Carolina – Remote | US – Maryland – Remote | US – DC – Remote | US – Rhode Island – Remote | US – Delaware – Remote | US – Maine – Remote | US – South Carolina – Remote | US – Vermont – Remote | US – Georgia – Alpharetta | US – Massachusetts – Remote


Meet Our Team:

No-code and low-code are all the craze. We at Pega are at the cutting edge of these concepts, providing revolutionary solutions for some of the world’s largest organizations and the most recognizable brands.

Imagine going from an idea to a fully functioning application in production that solves real business problems within a matter of a few weeks without writing any code. These applications solve some of the most complex problems, yet are presented in a quick and rich user experience. Our customers build their applications once, and it is our job to “future proof” their investment through technology evolutions and production innovations. Now imagine solving complex security problems for our Pega Platform customers.

That’s a challenging set of expectations to meet. That’s where you come in.

Picture Yourself at Pega:

By joining an analyst-recognized leader in the space, you will be the catalyst and focal point guiding talented engineering teams in building securely differentiated products that enable our clients in their efforts to serve their customers. In a short period, you will be guiding engineering teams in building and delivering secure software.

At Pega, the application security team continuously seeks to improve the secure development lifecycle (SDL) by evaluating tools, processes, and training. We’re looking to hire an experienced Director of Application Security to join our exceptionally talented security tribe with a particular focus on secure software development lifecycle and DevSecOps. As the leader of the SDL, you will own and be responsible for the SDL from start to finish, establishing design and threat modeling requirements, managing the risk of using third-party tools, and defining metrics and reporting in Pega’s customer-facing products and services that ensure the products’ continued success. You will be strongly opinionated on how to implement the secure development lifecycle iteratively. You will grow and lead a chapter of security champions throughout the engineering organization that will be security change agents. You will manage a team of experts that aid in translating security findings into actionable changes. You will collaborate with our CISO, Cloud Security tribe, the quality organization, and Product Managers and owners to continuously improve the SDL and disseminate best practices. You will be outwardly focused on the ever-changing landscape of software development security threats, incorporate new technologies into processes, and develop customer-facing positions on how Pega delivers secure code.

What You’ll Do at Pega:

+ Enhance the secure development lifecycle to prevent the software from shipping with vulnerabilities

+ Build, train, and lead a chapter of security champions embedded within the development teams to serve as change agents and privileged points of contact if any sensitive security vulnerabilities are discovered

+ Iterative and incremental coordinated delivery and prioritization of secure development lifecycle capabilities across both products and services

+ Define the privacy product vision and collaborate with internal partners to build an understanding of client use cases that involve sensitive data and ensure that client data can be properly protected

+ Manage and lead a DevSecOps team to enable security champions to be effective and implement changes into the software delivery CI/CD pipelines

+ Work with internal teams to integrate and track the SDL into their processes, products, and services.

+ Stay current on material developments in the delivery of secure code

+ Drive the long-term product and services SDL framework and vision

+ Develop and execute strategy for continuous enhancements to development processes that scale

+ Enable client success through targeted enablement collateral and thought leadership pieces to drive clarity both internally and externally

Who You Are:

You are an accomplished Application Security professional who understands the importance and the processes of delivering secure code. You are empathetic and passionate about your customers and thrive in a fast-paced, collaborative, and cross-functional environment. With a blend of technological know-how and strategic vision, you are regarded as a thought leader who can express ideas in a clear and convincing manner, in front of clients and decision-makers. You possess a deep understanding of how to deliver secure code (e.g. static and dynamic analysis system testing, penetration testing) through methodical planning that enables the consistent delivery of products and services. You can quickly grasp existing build processes and see how to efficiently introduce or enhance their security aspects. You are pragmatic and understand tradeoffs very well when introducing pipeline changes.

What You’ve Accomplished:

+ 10 years of overall experience with at least 6 years in Application Security

+ Bachelor’s degree in computer science, similar field, or relevant experience

+ Developed, implemented, and enhanced a secure development lifecycle across an enterprise

+ Implemented security processes into the CI/CD pipeline

+ Built and managed a security champion program

+ Security domain knowledge: SAST, DAST, SCA, threat modeling, penetration testing, attack frameworks

+ Bonus: CSSLP or other relevant certifications

Pega Offers You:

+ Gartner and Forrester acclaimed technology leadership across our categories of products in a massive emerging market

+ Continuous learning and development opportunities

+ An innovative, inclusive, agile, flexible, and fun work environment

+ Competitive global benefits program inclusive of pay + bonus incentive, employee equity in the company

Job ID: 15461

As an Affirmative Action employer, Pegasystems will not discriminate in its employment practices due to an applicant’s race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, veteran or disability status, or any other category protected by law.

Accessibility – If you require accessibility assistance applying for open positions please contact.


Job Posting: JC194182251

Posted On: Oct 07, 2021

Updated On: Nov 19, 2021