Principal Cybersecurity Application Security Specialist

at Oscar Mike
Published November 10, 2021
Location Houston, TX
Job Type Full-time  

Description

The Principal Cybersecurity Application Security Specialist is recognized across the organization for functional expertise in application security and penetration testing. The Principal Cybersecurity Application Security Specialist will be required to effectively translate business objectives and risk management strategies into specific security technologies and services and will serve as an expert resource for those technologies.

The Principal Cybersecurity Application Security Specialist will be responsible for the following activities and functions:

  • Serve as the Subject Matter Expert for a collection of critical cybersecurity technologies, possessing the highest level of expertise in the design, deployment, maintenance and remediation of those technologies
  • Expert level of proficiency with application security scanning tools and foundational concepts of secure development principles
  • Expert level of penetration testing skill against cloud applications, traditional applications and infrastructure
  • Provide a clear technical capability roadmap for the cybersecurity tools for which you are responsible, in coordination with Security Architecture
  • Coordinate with Cybersecurity leadership and business owners to determine business needs and requirements
  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
  • Validate IT infrastructure, applications and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics
  • Liaise with other practitioners across the Digital organization to share best practices and insights
  • Mentor and grow junior level associates
  • Coach and mentor less-experienced engineers and act as team leader on more complicated digital projects

Education and Experience

Bachelor's degree in computer science, information systems, cybersecurity, or a related field and a minimum of 7 years related work experience. An additional four years of relevant work experience may substitute for the Bachelor’s degree. A Master’s degree can substitute for 2 years of work experience.

Certificates, Licenses, Registrations or Other Requirements:

  • Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) or Certified Information Systems Manager (CISM) preferred

Security and Technical Experience

The Principal Cybersecurity Application Security Specialist should have a minimum of 5-7 years of direct, documented, and verifiable experience with the following:

  • Strong communication and presentation skills
  • Experience with deploying enterprise-wide, complex technology projects
  • Experience and strong working knowledge of managing security infrastructure (e.g., firewalls, intrusion prevention systems (IPSs), web application firewalls (WAFs), endpoint protection, SIEM, and log management technology)
  • Experience and strong working knowledge of vulnerability management tools
  • Experience and a strong working knowledge of the methodologies to conduct risk assessment exercises on new applications and services
  • Full-stack knowledge of IT infrastructure:
      • Applications
      • Databases
      • Operating systems – Windows and Linux
      • Hypervisors
      • Networks – WAN, LAN, SCADA, Storage and Backup
  • Direct experience designing IAM technologies and services:
      • Active Directory
      • Lightweight Directory Access Protocol (LDAP)
      • Amazon Web Services (AWS) IAM
  • Experience leading the deployment of applications and infrastructure into public cloud services