Experian

Application Security Manager


Pay: Competitive
Location: Hyderabad/Telangana
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: REF16301Z

      Company Description

      Experian unlocks the power of data to create opportunities for consumers, businesses and society. During life’s big moments – from buying a home or car, to sending a child to college, to growing a business exponentially by connecting it with new customers – we empower consumers and our clients to manage data with confidence so they can maximize every opportunity. We gather, analyse and process data in ways others can’t. We help individuals take financial control and access financial services, businesses make smarter decisions and thrive, lenders lend more responsibly, and organizations prevent identity fraud and crime. For more than 125 years, we’ve helped consumers and clients prosper, and economies and communities flourish – and we’re not done. Our 20,600 people in 43 countries believe the possibilities for you, and our world, are growing. We’re investing in new technologies, talented people and innovation so we can help create a better tomorrow.

      Job Description

      Application Security Manager

      Description

      The Application Security Manager will be a highly technical leader of a team of Information Security Application Engineers and Penetration Testers tasked with advancing Experian’s Secure SDLC initiatives. In this role you will build and foster the team’s abilities to collaborate and achieve security outcomes, manage the team’s project and operational activities in coordination with Experian’s global directory of product owners and developers, advocate and advance the goals of the application attack surface management program, lead application security reviews, deliver reports that enable understanding and remediation of security findings, and consult on risk-centric strategies.

      Reporting Relationship

      Reports to the Director of Application Attack Surface Management

      Functions

      • Lead and mentor a team of application security engineers and penetration testers.

      • Guide team members’ daily project and operational activities.

      • Interact with Experian’s product development teams to advocate secure SDLC activities.

      • Manage and mature the application security program through direct interactions.

      • Actively seek to improve our application security and penetration testing operations.

      • Identify improvement opportunities in all processes and activities involved.

      • Work with architects and engineers to review and design security requirements.

      • Manage and enhance the existing security testing and measurement capabilities in the SDLC.

      • Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the enterprise strategy.

      • Appropriately assess risk and provide software security advice when business decisions are made.

      • Set strategies and processes, and oversee the management and operations of SAST, SCA, DAST, and penetration testing operations to provide coverage for the application portfolio.

      • Function as a subject matter expert in application, network and cloud penetration testing, scanning platforms, exploits, tools, and techniques.

      • Build and execute a security testing strategy.

      • Manage test resources to ensure maximum performance.

      • Ensure secure outcomes of application and configuration testing.

      • Oversee vulnerability identification and measurement.

      • Collaborate with software engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).

      • Collaborate with and maintain Experian’s Security champion and partners network, with the main objectives of understanding their needs and the risk profile for each application, and customizing solutions to meet the needs of the application.

      • Guide development teams through a review of their applications and risks against common application flaws like OWASP Top 10 and others. Provide visibility to senior management along with context and prioritization of the issues.

      • Operate as an advocate for Security in interactions with internal and external teams.

      • Work with Risk & Compliance teams on SOC 2, PCI-DSS, HIPAA, and other audits as needed. Research and recommend policy and procedures as they relate to Application Security.

      • Lead projects to implement security technologies for the entire enterprise.

      • Integrate third-party solutions and build custom solutions into our CI/CD pipelines and development cycles.

      • Define security guardrails through automated tool policies, SLAs, custom rules, and support the developer community.

      • Help the enterprise manage vulnerabilities across automated tooling and manual security assessments.

      • Work with Champions to build relationships and ensure key activities are supported and deliverables are achieved in a timely manner.

      • Support the education and awareness strategy and its rollout for the Development community.

      • Support the AppSec technical team and ensure relationships with the Business and the team are maximised and effective.

      Qualifications

      Position Requirements

      Formal Education & Certification

      • Four-year college diploma or university degree in computer science or computer engineering, and/or 5 years equivalent work experience in application development.

      • CISSP or CSSLP preferred.

      • Preferred certifications are as follows: OSCE3, OSCE, OSCP, OSWE, CCSAS, CCT, CRT, GXPN or similar certification.

      • Certifications in Application Testing Mechanisms preferred.

      Knowledge & Experience

      • 8-13 years direct experience in enterprise-level applications security.

      • 3-5 years supervisory experience preferred.

      • Previous experience leading teams of penetration testers strongly encouraged and highly desired.

      • Experience leading a penetration testing program.

      • Experience with SAST, Software Composition Analysis (SCA), DAST, IAST, RASP tooling.

      • Experience in AppSec or DevSecOps groups.

      • Experience with CI/CD pipelines.

      • Experience with cloud-based application architectures.

      • In-depth knowledge of penetration testing tools and methodologies.

      • Proven experience in overseeing the linking of cross-functional applications between disparate business units and systems.

      • Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.

      • Strong understanding of and background in MITRE, OWASP, SafeCode, and risk management methodologies as they relate to integration/software testing.

      • Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc.

      • Strong understanding of end-user needs and requirements.

      • Excellent understanding of the organization’s goals and objectives.

      Personal Attributes

      • Excellent oral and interpersonal communication skills.

      • Outstanding writing and documentation skills.

      • Able to communicate ideas in both technical and user-friendly language.

      • Able to conduct research into application issues and products.

      • Highly self-motivated and directed, with keen attention to detail.

      • Able to prioritize and execute tasks in a high-pressure environment.

      • Experience working in a team-oriented, collaborative environment.

      • Knowledge of applicable data privacy practices and laws.

      • Willing to travel globally as required.

      Key Performance Metrics

      • Support delivery of Policy metrics for Application testing and remediation.

      • Ensure constant communication with Business to deliver MI and technical information to support development processes.

      Additional Information

      Experian Careers - Creating a better tomorrow together

      Find out what it's like to work for Experian by clicking here

  • About the company

      Experian plc is an Anglo-Irish multinational consumer credit reporting company.
