Director of Application Security

CNA

Sorry, this job was removed at 11:47 a.m. (CST) on Monday, May 23, 2022

View 296 Jobs

Find out who's hiring in Chicago.

See all Cybersecurity + IT jobs in Chicago

View 296 Jobs

Apply

By clicking Apply Now you agree to share your profile information with the hiring company.

Save job

Job Summary
Leadership position responsible for spearheading the vision, design, and implementation of Application Security (AppSec) program for CNA. This position leads the AppSec team, develops AppSec strategies, and conducts application security assessments for the selection, development and implementation of enterprise applications. This position will focus on designing strategies for assessing in-house developed applications design review, threat modeling, manual code review, and collaborating with application owners to remediate risk.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house developed applications and various legacy and modern systems within data centers and the cloud.
Lead and mentor a team of AppSec professionals across the DevSecOps, SAST/DAST, Software Composition, and SDLC disciplines.
Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
Define and report on AppSec assessments utilizing the Common Vulnerability Scoring System (CVSS) classifications and standards.
Fully understand business requirements and work with them to define appropriate solutions for security objectives while meeting the business need.
Be a champion for AppSec and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
Provide guidance, technical expertise, and support to team members regarding application assessments.
Develop and improve KPIs and metrics for AppSec functions.
Participate and lead new projects as needed.

May perform additional duties as assigned.
Reporting Relationship
Typically AVP or above
Skills, Knowledge & Abilities

Proven track record of leading AppSec teams with proven knowledge and competence in security concepts and strategies and the ability to successfully implement them.
Expert knowledge of a pplication vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identif ying weaknesses in multiple in-house developed applications across multiple on-prem and cloud platforms. Experience with one or more of the following tools: Fortify, Veracode WebInspect, Burp Suite, Nexus and others.
Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
High performance skillset which not only understands the threat spaces as it relates to risks, but also able to meet the technical challenge of communicating this out to our teams.
Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
Excellent ability to effectively interact and communicate with all levels of external vendor and/or internal business partners within scope of responsibility, team and/or matrix environment
Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
Experience in working across public cloud and on-premises hybrid infrastructure.
Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
Fundamental understanding of risk vs severity.
Comfort in a diverse technology environment spanning multiple operating systems and architectures.
Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.

Education & Experience

Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
Typically a minimum of ten years' related work experience in Information Technology, preferably with at least four years of experience in Application Security.

#LI-JB1
#remote

Read Full Job Description

Technology we use

Engineering
Product
Sales & Marketing

- JavaLanguages
- JavascriptLanguages
- KotlinLanguages
- PerlLanguages
- PythonLanguages
- RLanguages
- SqlLanguages
- jQueryLibraries
- jQuery UILibraries
- ReactLibraries
- Node.jsFrameworks
- SpringFrameworks
- AccessDatabases
- DB2Databases
- Microsoft SQL ServerDatabases
- MySQLDatabases
- OracleDatabases
- PostgreSQLDatabases
- Google AnalyticsAnalytics
- ConfluenceManagement
- JIRAManagement
- Microsoft ProjectManagement
- SalesforceCRM
- SendGridEmail
- MarketoLead Gen

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How does the company support your career growth?

Throughout my five-year career, I’ve seen CNA value creating thinking and continuous learning. My managers actively encourage me to pursue rewarding professional development opportunities. Those opportunities have had a direct impact on my career growth. At CNA, the opportunities are endless and your career aspirations matter.

Alaina Cole

Underwritting Specialist

What unique initiatives do you have that encourage innovation?

We have an Innovation program and team that designs processes to encourage creative thinking and capture ideas across CNA. In addition to collaborating with and learning from world-class technology partners, we also host events such as our Innovation Summit and Hackathon, which bring winning competition ideas to life in real products and services.

Keith Zhang

Architecture Consulting Director

What's the biggest problem your team is solving?

A primary focus of my team is reducing the time-to-market associated with machine learning models. By leveraging cutting-edge cloud services and streamlining processes, we’re enhancing the model development lifecycle. That enhancement allows us to use efficient, effective predictive analytics when making business decisions.

Ryan Gulden

Senior AI/ML Engineer

What are CNA Perks + Benefits

CNA Benefits Overview

One of the many advantages of working at CNA is the benefits program we offer you and your eligible dependents,
beginning on the first day of your employment. The program features a variety of plans that provide health care
benefits, well-being, disability and survivor protection, and 401(k) savings, among others. Below are highlights
of the offerings.

Culture

Volunteer in local community

Partners with nonprofits

Open door policy

OKR operational model

Open office floor plan

Flexible work schedule

Remote work program

Diversity

Dedicated diversity and inclusion staff

Diversity employee resource groups

Health Insurance + Wellness

Flexible Spending Account (FSA)

Disability insurance

Dental insurance

Vision insurance

Health insurance

Life insurance

Wellness programs

Financial & Retirement

401(K)

401(K) matching

Company equity

Employee stock purchase plan

Performance bonus

Charitable contribution matching

Child Care & Parental Leave

Generous parental leave

Family medical leave

Adoption Assistance

Vacation + Time Off

Generous PTO

Paid holidays

Paid sick days

Office Perks

Relocation assistance

Onsite gym

Professional Development

Job training & conferences

Tuition reimbursement

Lunch and learns

Online course subscriptions available

View full list of perks + benefits