Overview

Head of Application Security


Location : London

Salary :

We strongly encourage people of colour, lesbian, gay, bisexual, transgender, queer and non-binary people, veterans, parents, and individuals with disabilities to apply. Bumble is an equal opportunity employer and welcomes everyone to our team. If you need reasonable adjustments at any point in the application or interview process, please let us know.

In your application, please feel free to note which pronouns you use (For example – she/her/hers, he/him/his, they/them/theirs, etc).

You lead and manage the Application Security Programme and report to the CISO. The Application Security Programme is designed to ensure that any software developed and/or deployed meets the high standards expected to ensure the security and privacy of our customers.

You will supervise the application security efforts across the engineering pods, providing technical guidance, and manage the application security budget. As the Head of Application Security, you will oversee the activity of the Application Security Chapter, a virtual team whose members cut across all software development pods and are embedded in those teams.

If you are proficient at creating risk and compliance reports, supporting audit processes, measuring security performance metrics, and reporting on security risks to key stakeholders, we would love to hear from you.

KEY ACCOUNTABILITIES
Lead and manage the AppSec cross-tribe virtual team of security champions within Software Engineering.
Integrate security tools, standards, and processes into the SDLC.
Ensure that product managers, software developers and QA individuals are trained with the appropriate level of security knowledge to securely perform their roles.
Integrating and supporting application security tool deployments including software component analysis, static analysis, and runtime testing tools.
Creating, maintaining, and improving secure development standards.
Supporting design and architecture review processes whenever application security expertise is required.
Managing application penetration testing activities, for both internal, and externally facing applications.
Managing application framework security improvement initiatives.
Managing 3rd party risk from vendors and components that contribute to the SDLC.
Managing all aspects of application security within the bug bounty programme.
Managing all aspects of application security within the vulnerability management programme.
Integrating threat modelling practices into the SDLC.
Providing security requirements into the design phases.
Producing metrics reporting the state of application security programmes and the performance of software development teams against requirements.

REQUIRED SKILLS AND KNOWLEDGE
Strong influencing and communication skills; you will be required to ensure security standards and responsibilities are being met across development teams.
Familiarity with documentation and process alignment with relevant industry standards and best practices.
Familiarity with agile development processes and experience in integrating secure development practices into those processes.
Detailed familiarity with OWASP Top 10, WASC TCv2, and MITRE/SANS CWE 25.
Experience in threat management including but not limited to MITRE ATT&CK tactics and techniques.
Excellent analytical skills, problem-solving and interpersonal skills.
Proficient in measurement constructs, preparation of reports, dashboards and documentation.

DESIRABLE EXPERIENCE
Familiarity with industry standards and regulations including ISO27001, SOX, PCI-DSS, and GDPR.
Bachelor’s degree or higher in Software Engineering, Computer Science or related is preferred.
Previous experience in writing and testing PHP, Java/Kotlin, C/C++, or JavaScript would be an advantage.
With over 600 staff in 10+ countries all working remotely during the time of COVID-19, we’ve worked hard to adapt and support our teams during this challenging time, including:
* Flexible working hours
* Streaming free, live yoga & meditation sessions each week, as well as a full weekly timetable of free online exercise classes
* ‘Random Coffee’ – connecting staff across the globe in pairs once a week to get to know each other over a video chat
* ‘First Fridays’ – meal delivery for a remote lunch with your team once a month
* Employee Support Fund for those whose households are experiencing financial hardship due to COVID-19
* Written resources to guide employees through this challenging time
* You will also be taken through a fully digital onboarding process!

About Bumble: Bumble is the parent company that operates Badoo and Bumble, two of the world’s largest dating and connection apps with millions of users globally. The Bumble app was founded by CEO Whitney Wolfe Herd in 2014. Bumble is majority-owned by Blackstone and has over 600 employees in offices in Austin, London, and Moscow.
