Job Number: R0142057

Application Security, Senior Manager
Key Role:

Establish and maintain Booz Allen's Application Security practice, part of the Commercial Consulting Team. Determine the application security direction, standards and requirements for services and solutions sold to Booz Allen Commercial customers. Enable business to understand risks and overall security posture of their application constructs. Educate and influence client software engineering teams on cybersecurity best practices. Assist clients to establish Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) relevant to their product and market goals around cybersecurity assurance. Work proactively with leaders across all levels to design, implement and support solutions that ensure clients have a secure-by-design and best practice approach across the full software development lifecycle in addition to working jointly with leaders across application development, technical and enterprise architecture, software reliability and cybersecurity to ensure application architectures and designs properly consider security best practices. Lead, hire and inspire teams of Application Security Engineers and Architects to perform security posture assessments of applications and back-end systems, provide recommendation and remediation plans along with development, implementation, and support of architectures and operational models supporting solutions and services meeting client requirements. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications

• 3+ years of experience with leading technical teams in an application security field
• 5+ years of experience with application development and developing, architecting, and implementing application security solutions
• Experience with managing across SDLC, including vulnerability management considerations, modern development tools and frameworks, Agile, SAFe, CI/CD, and DevSecOps
• Experience with software composition analysis program to evaluate security of open-source software to protect software supply chain, public cloud security methodologies and tools, design, testing of application and data level controls across products
• Experience with the integration of common infrastructure security technologies and solutions into business solution architectures
• Experience working with SAST and DAST Assessment using tools like Veracode or Fortify
• Knowledge of OWASP Top 10 Vulnerabilities and prevention techniques and technology, security, risk, and compliance best practices
• Knowledge of major security frameworks including OWASP, CWE, SANS, and NIST and associated prevention techniques and how to read and review code in Java, C/C++, GO, AngularJS, Node.JS, Swift, Python
• Knowledge of common information security standard, including ISO 27001/27002, NIST CSF, FEDRAMP, CSA and CIS Controls.
• Bachelor's degree

Additional Qualifications

• Ability to interface with both technology and business areas
• Ability to create collaborative relationships with colleagues and influence without authority
• Possession of excellent interpersonal skills
• CISM, CISSP, CISA, CRISC preferred

The proposed salary range for this position in Colorado is 180,000 to 220,000. Final salary will be determined based on various factors.

At Booz Allen, we celebrate your contributions, provide you with opportunities and choice, and support your total well-being. Our comprehensive benefit offerings include healthcare, retirement plan, insurance programs, commuter program, employee assistance program, paid and unpaid leave programs, education assistance, and childcare benefits.

We're an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change - no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.