BeyondTrust is the worldwide leader in intelligent identity and access security, empowering organizations to protect identities, stop threats, and deliver dynamic access to empower and secure a work-from-anywhere world. Our integrated products and platform offer the industry's most advanced privileged access management (PAM) solution, enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.
The VP of Application Security is a high-visibility position responsible for leading and maturing all product security practices across the BeyondTrust portfolio. We are seeking a seasoned practitioner with proven success in leading and scaling application security functions within high-growth SaaS environments. The ideal candidate has deep domain knowledge across modern security frameworks, tools and best practices, broad experience interfacing with enterprise-level customers, and demonstrated success building and leading world-class teams. The VP will lead a team of application security engineers and will report to the SVP of Technology Operations. Open to remote, must be US-based.
Essential Duties and Responsibilities
- Partner with Engineering and Ops leadership to evolve security maturity of the development lifecycle including the integration of modern security controls, standards, and processes into all phases of software design and development
- Identify and facilitate remediation of all vulnerabilities including the establishment of dynamic internal visibility into vulnerability tracking and remediation SLAs
- Take a customer-centric approach by establishing relationships with key customers, ensuring remediation gaps are promptly closed across the installed base and maturing all internal and external communication and documentation practices
- Establish a close working relationship with Senior PM, Sales and TAM leadership to mature AppSec involvement in the customer engagement lifecycle including security documentation and supporting tool modernization.
- Be a senior-level resource for Product, Engineering and Sales leadership. Train the broader team in the development of these skills.
- Manage all internal and third-party application penetration testing projects and bug bounty programs
- Research new application security tools and technologies as needed, and evaluate options that enhance security capabilities
- Conduct internal security strategy, readiness and discovery assessments in partnership with InfoSec, Engineering and Legal departments
- Manage, lead and grow the application security engineering teams
- Data-driven mindset with strong attention to detail
- Ability to thrive in an ambiguous and fast-paced environment
- Intellectual curiosity & willingness to take ownership of deliverables
- Enjoy orchestrating people and managing complicated cross-functional challenges
- Relevant certifications, e.g. OWASP, OSCP, CASE, CASS, CSSLP, CEH, CISSP, GSEC, CISM, etc.
- Experience with AWS security (IAM, EC2, VPC, S3, etc.) and cloud best practices.
- 15+ years of progressive experience in Enterprise Software Application Security
- BA/BS or Master's degree in a relevant engineering field or equivalent practical experience
- Proven experience building high-performing teams
- Must be a strong self-starter ready to join a world-class team looking to do big things
- Strong understanding of supply chain attacks and how to successfully mitigate them.