Application Security Lead

Overview

Vistex is a global enterprise software and services company that helps businesses take control of their mission-critical processes. With a multitude of programs covering pricing, trade, royalties and incentives, it can be complicated to see where all the money is flowing, let alone how much difference it makes to the topline and the bottom line. With Vistex, business stakeholders can see the numbers, see what really works, and see what to do next – so they can make sure every dollar spent or earned is really driving growth, and not just additional costs.

The world’s leading enterprises across a spectrum of industries rely on Vistex every day to propel their businesses.

The Application Security Lead reports to the IT Security Manager and works closely with Vistex’s Development and Dev Ops teams to ensure security is embedded in the design, implementation and maintenance of Vistex product services through the implement of shift-left and Dev Sec Ops  approaches

• Works closely with Development and Dev Ops teams to develop and enforce secure coding standards and best practices across Vistex’s Development and Dev Ops teams.
• Collaborates with Development and Dev Ops teams to embed security controls into CI/CD pipelines (SAST, SCA, DAST, IaC scanning)
• Participates in design process for new products and changes to existing products to ensure that security requirements are identified, assessed and specified.
• Conducts threat modelling exercises with teams during the design process to identify risk and security requirements.
• Engages with teams to develop architecture diagrams and documentation that captures the security relevant content.
• Ensures that integration with Vistex security tools is factored into the design process.
• Participates in project meetings to track progress and conducts implementation readiness reviews to ensure specified security requirements are met and that documentation is complete.
• Conducts audits against products and platforms to ensure security coverage is complete.
• Reviews Dev Ops operations to ensure security best practice is followed and that any identified risks are managed.
• Engages with senior stakeholders and team leaders to build strong working relationships to ensure security requirements are met and security improvements are implemented
• Participates in risk management exercises for software development, Dev Ops and in AI where it is used for development or is integrated into Vistex products.
• Provides metrics on secure development maturity and performance.
• Provides assistance with analyzing application layer as required by security incident response processes/
• Maintains awareness of standard and regulatory requirements that relate to software development.
• Stays informed of the current topics in secure development and Dev Ops through various publications and sources.
• Supports the IT Security team in responding to development content in customer security assessments and questionnaires as required.

The compensation for this position is $120K - $140K annually. Base pay will vary depending on factors, including but not limited to, a candidate’s location, job-related knowledge, skills and work experience. The compensation package may also include incentive compensation opportunities in the form of discretionary annual bonus. Vistex provides highly competitive benefits including comprehensive healthcare plan, 401(k) and paid time off, including paid volunteerism days!