Manager, Software Cyber Security

The Application Security Manager, Works as a part of our security team and will collaborates with, Software Engineers, R&D Teams, Product Managers and  othe IT professionals to ensure that our applications, Products & Software Solutions are protected and secure. contributing to our Cloud/On-prem strategic security program, Start by defining the need, map the gaps and implement Secure Development into the SDLC process according the Security Standards, regulations & Compliance and industry best practices.

Responsibilities

• Developing and maintaining software application security Standards, policies and procedures
• Providing security technical leadership, guidance, and direction to various teams across the Product & Software Development process
• Work with the R&D and SW Engineering teams to identify, capture, escalate, and close security vulnerabilities found in Stratasys products. Analyzing system services, spotting security issues in code, networks and applications
• Developing and maintaining documentation of security controls in application, software and solution
• Be part and contribute in designing technical solutions to address security weaknesses
• Participate in and support application security reviews and threat modelling, including code review and dynamic testing.
• Own and perform application security vulnerability management.
• Facilitate and support the preparation of Software releases from security POV and be part of the PLCM processes.

• Be a focal point and Subject Expert Metter, Guide, advise and Support development and Software engineer teams in the area of application security and in address security weaknesses

• Create a Continues Improvement atmosphere and building and managing security training program.
• Assist in development of automated security testing, DAST to validate that secure coding best practices are being used.
• Support the bug bounty program.

Requirements

• At least 6 years Technical experience with any combination of the following: threat modelling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security.
• Demonstrate experience integrating security into product development, CI/CD pipelines and Infrastructure-as-code
• At least 2 years’ experience with a strong understanding of common attack vectors, vulnerabilities, and mitigations
• Set security controls and design requirements during the software creation and development stage of the software lifecycle
• Knowledge & Experience in identifying security issues through code review, automated test tools / DAST.
• A thorough understanding of the NIST, OWASP and SANS frameworks
• At least 2 years Experience working with developers and Software Engineering Teams
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Ability to learn on the job