Manager, Application Security in Miami, FL at Royal Caribbean Cruises Ltd.

Date Posted: 6/1/2019

Job Description

Manager, Application Security: 

  • Royal Caribbean Cruises, Ltd (RCCL) is seeking a Manager of Application Security to lead the identification, assessment, mitigation, monitoring, governance, and reporting of software vulnerabilities throughout IT and large-scale development programs such as Digital Transformation.
  • The successful candidate in this role will be the application security champion and develop a multi-year application security strategy and roadmap. 
  • The Manager of Application Security will ensure proper technology risk considerations are addressed at each phase of the system development life cycle (SDLC) and provide proactive solutions to correct exposures or mitigate risk.  
  • This position will work with all functions that purchase or develop code, striking a balance between operational and control needs, and is responsible for the security of all applications across the enterprise while developing effective partnerships.

 

Responsibilities:

  • Apply deep technical expertise to evaluate software’s ability to meet defined control objectives, determine remediation requirements, and identify impacts to IT and business unit operations.
  • Establish security goals for engineering teams, and work alongside product and operations teams to implement security requirements and features.
  • Proactively address application security issues.
  • Provide guidance and subject matter expertise on application security.
  • Provide thought leadership on the subject of application security.
  • Present reports to appropriate IT leaders, highlighting findings, trends, level of exposure and recommended mitigation.
  • Analyze and prioritize securing software.
  • Recommend and develop new security solutions, and/or modify existing workflows and SDLC processes.
  • Build effective working relationships with key partners, such as other Security teams, Legal, Compliance and Audit, and participate in cross-functional teams, such as Security Governance teams.
  • Partner with security consulting firms to augment the internal team as needed.
  • Manage the Application Security team including training and upskilling the team.
  • Develop and update policies/procedures/standards related to Software Assurance and guide/educate developers in preventing future or recurring errors.
  • Build and lead a diverse team in the implementation of the Application Security roadmap projects on-time and on-budget.
  • Develop the Application Security team by providing guidance, personalized coaching, and constructive feedback.

 

 

 

Job Requirements

Qualifications:

  • A Bachelor’s Degree in a technical concentration (Math, Engineering, Computer Science) is preferred, but non-technical degrees are acceptable with sufficient practical experience in Computer Science.
  • 5 years of experience as a Software Engineer/Developer.
  • 3 years of experience with Application Security.
  • 5 years of experience managing small- to medium-sized teams and projects.
  • 3 years of experience working in an Agile development environment, with an end-to-end understanding of the SDLC.
  • Experience implementing tools and creating processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, IAST, Pen Testing, Security Unit Testing, etc.).
  • Expertise with browser security controls (CSP, XFO, HSTS, etc.), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAuth).
  • Knowledgeable regarding back-end security topics such as secret management and service authentication.
  • Familiarity with DevOps automation tools such as Jenkins, Ansible and Jira.
  • Experience building strategic, goal-oriented project plans and then leading teams to successful execution of that vision.
  • Practiced at creating purposeful metrics and key performance indicators that illustrate the team's successes and identify areas for improvement, including implementing actions for continuous improvement.
  • Demonstrated competency with decisiveness, direct feedback loops, and taking proactive ownership of problems from start to finish.
  • Industry-recognized Information Security Certification, i.e. CISSP, CSSLP.

 
