Jobs//Hybrid//Chicago, IL//Cybersecurity + IT//

Director of Application Security

CNA
| Hybrid
Sorry, this job was removed at 12:37 p.m. (CST) on Monday, May 23, 2022
View 7971 Jobs
Find out who's hiring in Chicago, IL.
See all Cybersecurity + IT jobs in Chicago, IL
View 7971 Jobs
Apply
By clicking Apply Now you agree to share your profile information with the hiring company.

Job Summary
Leadership position responsible for spearheading the vision, design, and implementation of Application Security (AppSec) program for CNA. This position leads the AppSec team, develops AppSec strategies, and conducts application security assessments for the selection, development and implementation of enterprise applications. This position will focus on designing strategies for assessing in-house developed applications design review, threat modeling, manual code review, and collaborating with application owners to remediate risk.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:

  • Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house developed applications and various legacy and modern systems within data centers and the cloud.
  • Lead and mentor a team of AppSec professionals across the DevSecOps, SAST/DAST, Software Composition, and SDLC disciplines.
  • Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
  • Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
  • Define and report on AppSec assessments utilizing the Common Vulnerability Scoring System (CVSS) classifications and standards.
  • Fully understand business requirements and work with them to define appropriate solutions for security objectives while meeting the business need.
  • Be a champion for AppSec and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
  • Provide guidance, technical expertise, and support to team members regarding application assessments.
  • Develop and improve KPIs and metrics for AppSec functions.
  • Participate and lead new projects as needed.


May perform additional duties as assigned.
Reporting Relationship
Typically AVP or above
Skills, Knowledge & Abilities

  1. Proven track record of leading AppSec teams with proven knowledge and competence in security concepts and strategies and the ability to successfully implement them.
  2. Expert knowledge of a pplication vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identif ying weaknesses in multiple in-house developed applications across multiple on-prem and cloud platforms. Experience with one or more of the following tools: Fortify, Veracode WebInspect, Burp Suite, Nexus and others.
  3. Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
  4. High performance skillset which not only understands the threat spaces as it relates to risks, but also able to meet the technical challenge of communicating this out to our teams.
  5. Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
  6. Excellent ability to effectively interact and communicate with all levels of external vendor and/or internal business partners within scope of responsibility, team and/or matrix environment
  7. Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
  8. Experience in working across public cloud and on-premises hybrid infrastructure.
  9. Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
  10. Fundamental understanding of risk vs severity.
  11. Comfort in a diverse technology environment spanning multiple operating systems and architectures.
  12. Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.


Education & Experience

  1. Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
  2. Typically a minimum of ten years' related work experience in Information Technology, preferably with at least four years of experience in Application Security.


#LI-JB1
#remote

Read Full Job Description
Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
By clicking Apply Now you agree to share your profile information with the hiring company.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • JavascriptLanguages
    • KotlinLanguages
    • PerlLanguages
    • PythonLanguages
    • RLanguages
    • SqlLanguages
    • jQueryLibraries
    • jQuery UILibraries
    • ReactLibraries
    • Node.jsFrameworks
    • SpringFrameworks
    • AccessDatabases
    • DB2Databases
    • Microsoft SQL ServerDatabases
    • MySQLDatabases
    • OracleDatabases
    • PostgreSQLDatabases
    • Google AnalyticsAnalytics
    • ConfluenceManagement
    • JIRAManagement
    • Microsoft ProjectManagement
    • SalesforceCRM
    • SendGridEmail
    • MarketoLead Gen

An Insider's view of CNA

How would you describe the company’s work-life balance?

Work-life balance has always been a priority for me. It always will be. CNA’s hybrid working model allows me to not only maximize collaboration with my peers but also take advantage of increased flexibility by combining remote and in-office work. I’m empowered to take control of my schedule based on what works best for me and my team.

Alison Massey

Agile Scrum Master Consultant

How do you collaborate with other teams in the company?

On the Security Advisory team, collaboration is key to what we do. We sit at a unique intersection of security goals and business objectives. By working across nearly every IT team at CNA, we balance the need for maintaining secure initiatives and keeping projects on track. It’s our job to find the best, secure path to ‘Yes’ for business requests.

Zach Jones

Director, Security Advisory

How has your career grown since starting at the company?

I joined CNA as a contractor and became a full-time employee after an eight-year contractor journey. I’m passionate about solving technical challenges and CNA allows me to foster that passion. Every day, I learn about emerging technologies. I’m empowered to develop, grow, and create a career that works for me and my lifestyle.

SenthilKumar Asokan

Applications Engineer Senior Specialist

How do your team's ideas influence the company's direction?

Enterprise Architecture creates foundations for IT expectations across CNA. I’m on a team that builds reusable IT assets, communicates best practices, and decides standards for tooling, and more. I influence CNA outside of my role, too, specifically through CNA’s Employee Resource Groups. I’m empowered to influence both IT and our culture of inclus

Lisa Smith

Architecture Senior Specialist

What does career growth look like on your team?

Career growth can take on many different forms at CNA, and that’s because there are always opportunities to acquire transferrable skills. On my team specifically, we’re encouraged to identify and work toward development opportunities that matter to us. We’re empowered to make a difference while advancing our careers.

Josie Lee

Director, HR Business Partner

What are CNA Perks + Benefits

CNA Benefits Overview

One of the many advantages of working at CNA is the benefits program we offer you and your eligible dependents,
beginning on the first day of your employment. The program features a variety of plans that provide health care
benefits, well-being, disability and survivor protection, and 401(k) savings, among others. Below are highlights
of the offerings.

Culture
Volunteer in local community
Partners with nonprofits
Open door policy
OKR operational model
Open office floor plan
Flexible work schedule
Remote work program
Diversity
Dedicated diversity and inclusion staff
Diversity employee resource groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Pet insurance
Wellness programs
Mental health benefits
Financial & Retirement
401(K)
401(K) matching
Company equity
Employee stock purchase plan
Performance bonus
Charitable contribution matching
Child Care & Parental Leave Benefits
Generous parental leave
Family medical leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid holidays
Paid sick days
Office Perks
Commuter benefits
Some meals provided
Relocation assistance
Onsite gym
Professional Development Benefits
Job training & conferences
Tuition reimbursement
Lunch and learns
Online course subscriptions available
Paid industry certifications
View full list of perks + benefits

More Jobs at CNA

Apply Now
By clicking Apply Now you agree to share your profile information with the hiring company.
By clicking Apply Now you agree to share your profile information with the hiring company.
Learn more about CNAFind similar jobs like this