Social network you want to login/join with:
Foundever is a global leader in the customer experience (CX) industry. With 150,000 associates across the globe, we're the team behind the best experiences for +800 of the world's leading and digital-first brands. Our innovative CX solutions, technology, and expertise are designed to support operational needs for our clients and deliver a seamless experience to customers in the moments that matter.
Supporting +9 million customer conversations every day in +60 languages across 45 countries, Foundever combines global strength and scale with the agile, entrepreneurial approach of our founder-led culture, enabling companies of all sizes and industries to transform their CX.
Winner of Comparably's Award for Best Global Culture in 2024, 2023, 2022, and 2021Gold Stevie Award Winner for Great Employers in 2024 and 2022We foster an exciting culture of creativity, connection, and commitmentJob Summary Reporting into the Global Security organization, the global manager of Application Security Engineering will be responsible for the architecture and engineering aspects of embedding security into the day-to-day activities of the software engineering teams in collaboration with the regional technology, developers, QA, legal, sales, and operations to ensure the systems developed are in compliance with applicable security policies, regulations, and industry standards.
The position will be tasked with identifying and reporting on vulnerabilities in applications developed internally and their supporting infrastructure, and researching threats and attack vectors that impact web, enterprise, and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of the products and systems, the position will also assist the Product Engineering and IT teams in the remediation efforts and the creation of the appropriate processes to reduce the number of vulnerabilities early on in the development phases. This position will also work as POC for any security engineering-related item for the region where it is located.
Responsibilities Demonstrated skills in the area of Cyber Security and associated compliance regulations and industry standards, which include, but are not limited to: SSAE18, PCI-DSS, ITIL, ISO 27001, COBIT, NIST 800-53.Conduct reviews of existing application code and implementations, and recommend industry best practices in the area, as well as having the capability to analyze multiple instances of vulnerability patterns that can be traced to a single root cause to eliminate existing risks through the development of policies and processes.Support application security initiatives to ensure the software applications do not pose information risk to the company, developing and updating security patterns aligned with security requirements.Support AI initiatives, ensuring the security implementation of the technology.Partner with teams and deliver security risk assessments, manual/automated/external penetration testing, automate security testing, threat modeling, and education on secure coding.Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities prior to production implementation.Create functional and non-functional security requirements, including delivering secure cloud services that strike a balance of product usability.Project management skills that organize, drive, and execute initiatives.Demonstrated collaboration with all global technology functions to ensure that the ongoing education, awareness, and execution aligns with the Security Engineering Roadmap.Demonstrated ability to drive security conversations based upon factual data.Demonstrated experience working in a complex global environment and being a security change agent in order to drive improved security controls and operations.Disaster Recovery strategy – partner with technology to design, implement, and operate regional disaster recovery models and plans for applications.Work closely with the Global Director of Security Engineering on the development of functional goals and objectives.Be seen as a functional leader and resource within the company and security technical lead for the region.Support other areas in global security, including investigations, risk assessments, and new projects as required.Support the approval process for requirements from internal and external clients.Business Travel Required: Minimal travel required, up to 10%.
Education and Qualifications Four-year computer science, engineering, business degree or related degree, and/or equivalent field experience.A second language would be an advantage.Minimum of 5-10+ years of increasingly diverse or complex experience in the field of Cyber Security within a global environment.3+ years of professional development or application security experience.Excellent communication, analytical, and writing skills with the ability to participate in and lead team-based projects.Prior call center experience is highly advantageous given the specialized security environment that will be managed.Experience working in an ITIL environment.Must work well in a dynamic team that is geographically dispersed.Ingenuity, creativity, motivation, and self-starter attitude required.People management skills and proven experience leading diverse teams both on and offshore.Knowledge/Skills/Abilities Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.Evaluate, deploy and manage applications security tools (DAST, SAST, IAST, RASP, WAF, etc) and build strong vendor relationships.Previous application security testing or incident response experience, including documenting vulnerabilities, findings, or incidents.Provides input in the development of operating and capital budgets.Understanding of ISO27001 processes and practices.Personnel Skills (1-2-1, review, interview, appraisals, disciplinary skills).Able to work in a highly dynamic environment.Ability to create business strategies and business cases.Understanding of financial drivers and strong P&L experience.Excellent verbal and written skills and able to communicate effectively with internal and external clients whilst maintaining enthusiasm, sound judgment, and common sense.Able to thrive in an environment undergoing rapid technological and business change.Administration and organization.Special Certifications: CISSP (Must be obtained within 2 years of being in role).Competitive salaries, benefits, 401K contribution matching, and paid time off.Onsite and remote work at home available (depending on the market).Growth opportunities through various development programs.
#J-18808-Ljbffr