Director of Application Security

Chicago, IL
Job Summary
Leadership position responsible for spearheading the vision, design, and implementation of the Application Security (AppSec) program for CNA. This position leads the AppSec team, develops AppSec strategies, and conducts application security assessments for the selection, development and implementation of enterprise applications. This position will focus on designing strategies for assessing in-house developed applications through design review, threat modeling, and manual code review, and on collaborating with application owners to remediate risk.
Essential Duties & Responsibilities
Performs a combination of duties in accordance with departmental guidelines:
  • Lead the Application Security program as an AppSec SME throughout a global technology organization with in-house developed applications and various legacy and modern systems within data centers and the cloud.
  • Lead and mentor a team of AppSec professionals across the DevSecOps, SAST/DAST, Software Composition, and SDLC disciplines.
  • Develop enterprise policy and technical standards with specific regard to application security management and secure development standards.
  • Document technical issues identified during AppSec assessments and correlate technical issues across applications to update application security standards.
  • Define and report on AppSec assessments utilizing the Common Vulnerability Scoring System (CVSS) classifications and standards.
  • Fully understand business requirements and work with them to define appropriate solutions for security objectives while meeting the business need.
  • Be a champion for AppSec and information security including broadening awareness and use of the team's services, education of security best practices and integration with other business areas.
  • Provide guidance, technical expertise, and support to team members regarding application assessments.
  • Develop and improve KPIs and metrics for AppSec functions.
  • Participate and lead new projects as needed.

May perform additional duties as assigned.
Reporting Relationship
Typically AVP or above
Skills, Knowledge & Abilities
  1. Proven track record of leading AppSec teams with proven knowledge and competence in security concepts and strategies and the ability to successfully implement them.
  2. Expert knowledge of application vulnerability management tools and strong technical understanding and experience assessing vulnerabilities and identifying weaknesses in multiple in-house developed applications across multiple on-prem and cloud platforms. Experience with one or more of the following tools: Fortify, Veracode WebInspect, Burp Suite, Nexus and others.
  3. Strong written and verbal communication skills with the ability to collaborate through all parts of the business.
  4. High performance skillset which not only understands the threat spaces as it relates to risks, but also able to meet the technical challenge of communicating this out to our teams.
  5. Leadership skills which bring out the best in the team. This includes both direct leadership but also cross-functional capabilities.
  6. Excellent ability to effectively interact and communicate with all levels of external vendor and/or internal business partners within scope of responsibility, team and/or matrix environment.
  7. Reporting gaps in a meaningful way that addresses a business risk as well as providing technical solutions to the operations teams in remediation is key.
  8. Experience in working across public cloud and on-premises hybrid infrastructure.
  9. Self-starter with the ability to make independent decisions and the judgment to know when to seek guidance.
  10. Fundamental understanding of risk vs severity.
  11. Comfort in a diverse technology environment spanning multiple operating systems and architectures.
  12. Strong understanding of enterprise, network, system/endpoint, and application-level security issues and risks.

Education & Experience
  1. Bachelor's degree in Computer Science, or related discipline, or equivalent work experience.
  2. Typically a minimum of ten years' related work experience in Information Technology, preferably with at least four years of experience in Application Security.


Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • .NET (Languages)
    • Java (Languages)
    • Javascript (Languages)
    • Kotlin (Languages)
    • Perl (Languages)
    • Python (Languages)
    • R (Languages)
    • Sql (Languages)
    • jQuery (Libraries)
    • jQuery UI (Libraries)
    • React (Libraries)
    • AngularJS (Frameworks)
    • Node.js (Frameworks)
    • Spring (Frameworks)
    • Access (Databases)
    • DB2 (Databases)
    • Microsoft SQL Server (Databases)
    • MySQL (Databases)
    • Oracle (Databases)
    • PostgreSQL (Databases)
    • Google Analytics (Analytics)
    • Confluence (Management)
    • JIRA (Management)
    • Microsoft Project (Management)
    • Salesforce (CRM)
    • SendGrid (Email)
    • Marketo (Lead Gen)

What are CNA Perks + Benefits

CNA Benefits Overview

One of the many advantages of working at CNA is the benefits program we offer you and your eligible dependents,
beginning on the first day of your employment. The program features a variety of plans that provide health care
benefits, well-being, disability and survivor protection, and 401(k) savings, among others. Below are highlights
of the offerings.

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Open door policy
Team owned deliverables
Group brainstorming sessions
Open office floor plan
Dedicated Diversity/Inclusion Staff
Diversity Employee Resource Groups
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Retirement & Stock Options Benefits
401(K) Matching
Company Equity
Employee Stock Purchase Plan
Performance Bonus
Match charitable contributions
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Adoption Assistance
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Perks & Discounts
Relocation Assistance
Professional Development Benefits
Job Training & Conferences
Tuition Reimbursement
Diversity Program
Lunch and learns
Online course subscriptions available
