Develops strategy, governance, and oversight to ensure that AARP's applications and infrastructure are designed, built, and implemented to the highest security standards to meet and exceed constituents' expectations of security and privacy. Oversees multiple information security programs, including application security and cloud security and will be expected to establish the programs' long- term strategy and vision, oversee the execution of all initiatives related to the programs, and align with the overall objectives of the information security organization.
Areas of Responsibility:
- Leads the design, implementation, support, and evaluation of security-focused application and cloud security solutions and services.
- Leads AARP's application and cloud security programs and develops road maps to reduce material risks in those spaces.
- Identifies security issues and risks in applications and cloud infrastructure and develops mitigation plans.
- Ensures applications, databases and infrastructure are architected, designed, and operated in alignment with application and cloud security policies and best practices.
- Identifies security requirements and improvements in system development life cycle (SOLO), Agile/Scrum, and DevOps processes.
- Performs and oversees the assessment, penetration testing, and scanning of applications, databases, and cloud infrastructure.
- Manages and oversees AARP's RASP and WAF environments.
- Leads the development and interpretation of application and cloud security policies and standards
- Evangelizes security within AARP and serves as an advocate for member trust.
- Contributes to development of company-wide security strategy.
- Stays current on emerging security threats, vulnerabilities, and controls.
Educational Background:
Completion of a Bachelor’s degree in Computer Science or a related field or experience in an information security capacity
Skills/Experience:
- 8+ years of relevant information security experience, with 2+ years of experience in application development and 2+ years of experience in application security and cloud security. Certification in information security a plus (SANS, GIAC, CISSP, etc.).
- In-depth knowledge of the OWASP Top 10.
- Experience in threat modeling and risk assessment approaches.
- Experience working in an Agile, Scrum, or DevOps environments.
- Experience with application security scanning tools, such as AppScan, Veracode, Acunetix, Webinspect, etc.
- Knowledge of application architecture, application security principles, and cryptography.
- Understanding of attack methods and tools.
- Experience in identifying application, cloud, and database security risks and driving them to remediation.
- Experience in network- and web-related protocols (e.g., TCP/IP, UDP, IPSEC. HTTP, HTTPS, and routing protocols).
Compensation/Benefits:
AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.
Job Function:
Organization Info
Listing Stats
Post Date:
Sep 6 2018
Active Until:
Oct 6 2018
Hiring Organization:
AARP
industry:
Nonprofit