Director, Application Security & Threat Hunting


Director, Application Security & Threat Hunting

Role Description:

The Director of Application Security and Threat Hunting and is responsible for a global team of Information Security Professionals and for developing and implementing an information security testing and validation program for the organization.   
The Director will define information security strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information and for establishing a set of business processes that define how systems and networks will be tested.
This role must anticipate future needs of the organization and plan for how to respond new threats.  He/She must have the ability to plan and optimize staff and procedures in an effort to prevent risks and must work with other management teams across different departments to ensure that security testing  engagements are working appropriately.   


● Provides vision and leadership for both the Application Security team as well as the Threat Hunting and Pen-Test teams.  
● Participates with leadership to develop strategic plans and objectives to reduce risk and increase security posture globally.
● Contributes to the development of departmental strategies and adapts and executes plans to achieve key Global Security, IT, and business objectives.  
● Contributes towards the planning, staffing, budgeting, and managing of expense priorities, as well as changes to methods and practices to meet corporate requirements
● Applies advanced knowledge and experience to the development of the security program.  Ensure management address and respond to issues identified during testing by communicating risk that is understandable to the business.
● Manages the work activities of lower level managers and or individual contributors and provides guidance in accordance with established policies and management guidance.
● Provides leadership to Managers, Supervisors, and/or Professional staff
● Develop strategies to improve overall Global Security Posture.


• Set the vision and long term goals for the implementation of new security infrastructure and application testing methodologies.
• Continuously mature the overall Cybersecurity Risk Management and Security Testing Program
• Ensure management creates and/or updates security testing policies, standards, and procedures for the enterprise.
• In collaboration with Global Security leadership, create and promote the security roadmap
• Collaborate in recruiting, resume review, phone screening, and interviews to bring in top-tier management talent and security talent for the team
• Monitor, review and coach Manager's and senior staff performance; deliver regular performance appraisals and provide disciplinary actions as appropriate
• Develop Team Cohesion- bring people together and instill a high sense of pride in the team’s accomplishments

Desired Skills:

•  Excellent understanding of Managing Cybersecurity Risk
•  Leadership and the ability to drive change across both the Global Cybersecurity organization as well as Global IT
• Experience establishing Information Security, Application Security, and Penetration Testing programs with a distributed team across a complex technical landscape
•  Experience working with and presenting technical issues to senior leadership
•  Experience with IT and IT Security regulatory and compliance requirements of multiple industries.  
•  Experience with privacy and security compliance (GDPR and CCPA)
•  Responsibilities and experience formulating an incident response team.


• Bachelors in IT, Computer Science, Cyber Security, and/or a combination of 10+ years of experience working in IT and/or IT Security in multiple capacities.

•  Ability to discreetly conduct security investigations while maintaining privacy of the effort

•  A hybrid candidate who is comfortable in both Penetration Testing and Red Teaming

•  Developing, extending, or modifying exploits, shellcode or exploit tools

•  Able to demonstrate a level of familiarity with real-world vulnerabilities, exploits, and payloads

•  Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

•  Experience with: Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex: Burp, Nmap, Nessus), Security configuration and operation of UNIX (Solaris), Linux, Android, iOS and Windows systems, Programming or scripting in UNIX, Windows, Android or iOS platforms, and wearables

•  Working knowledge of NIST Special Publications 800-37, 800-53, and 800-118

• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Penetration Testing Execution Standard (PTES)

• Knowledge of threat modeling methodologies

• Understanding of Cyber Kill Chain & Intelligence Defense

•  OSCP, Ethical Hacker Certification, or Similar advanced Security certifications are required.  Other desired certifications include: CISSP, CISA, CISM, MCSE, SANs

• Travel will be required both domestically and internationally