Job Title: L'Oreal USA, Manager, Application Programmer
Location New York, NY
Location: New York, NY - approx. 80% and Berkeley Heights, NJ - approx. 20%
L’Oreal Group has aggressively embraced the digital era, and has advanced many leading consumer-facing digital solutions across its business units. As we prepare for the next phase of our aggressive plans, we seek a highly motivated Manager of IT Application Security who possesses a solid combination of technical and business expertise with extensive experience delivering technology solutions in the Application Security Space.
What we’ll do together:
As the Application Programmer your mission is to advise IT and business stakeholders on application security and controls, provide leadership and guidance for secure code development.
The ideal candidate for this position is a proven Application Programmer with deep understanding of methods and techniques to drive successful outcomes, and must have hands-on experience in:
- Scaling security within the SDLC by automation using tools sets such as source code analyzers, vulnerability scanners, configuration validation, and similar techniques.
- Defining application security measures and controls that support the secure development of application platform.
- Designing, testing and implementing advanced enterprise level application security standards, techniques and tools.
- Identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE/SANS Top 25 dangerous programming errors.
What your day will look like:
Candidate Evaluation Criteria
- Develop and implement IT Secure Application Development Life Cycle Policy.
- Perform penetration testing, vulnerability scan and code review of existing and new applications to improve software security.
- Perform routine audits of existing applications to identify security gaps and proposes mitigating controls.
- Provide expert advice and consultancy on application security, threat modeling and fixing vulnerabilities.
- Work closely with application development teams to provide security expertise on system, encryption, authentication, security specific code, and governance.
- Domain competencies in a number of IT-risk-related disciplines, including, Secure Applications Development, Cybersecurity, IT audit, and compliance.
- Manage implementation of application security policy and framework/tools.
- Communicate application security issues/findings to stakeholders.
- Provide consultative advice to information and application security customers that enables them to make informed risk management decisions.
- Identify and implement appropriate controls to effectively manage application risks as needed.
- Ensure compliance with industry, regulatory and L’Oreal Group defined policies and standards.
- Identify opportunities to improve risk posture, developing solutions for remediating or mitigating application risks and assessing the residual risks.
- Maintain strong working relationships with individuals and groups involved in managing application risks across the organization.
- Partner with multiple teams across multiple locations with varying sets of priorities to ensure a timely delivery of the secure application solution.
- Clarify and drive project commitments as well as establish and maintain clear chains of accountability.
- Candidates will be evaluated based on their ability to demonstrate a proven track record of proficiency at the following competencies:
- A commitment to the crucial concept of promoting security as an enabler and not an inhibitor of business.
- Building enterprise application management, governance and compliance programs.
- Strong organization, prioritization, rationalization and analytics skills
- An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders.
- A well-developed understanding of and appreciation for business needs and a commitment to leading the application security team in delivering high-quality, prompt, and efficient service to the business.
- A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to effectively influence others to modify their opinions, plans, or behaviors.
- An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, structured and actionable manner.
- Understanding of application security fundamentals and general security technologies.
What you’ll need:
- BS or higher degree in Computer science, Information Security, or equivalent experience
- 5+ years of professional experience in Application Programming and IT Security, compliance and risk management, including privacy, data protection, security controls, etc.
- Knowledge of software and network architecture and standards: MVC
- Experience with either Agile or Waterfall SDLC methodologies
- Experience in developing an SDL
- Experience training technical teams on security related topics: SDL, anti-patterns, vulnerability prevention
- 5+ experience working with national and international regulatory compliance frameworks such as ISO27000, COBIT, NIST, HIPAA, PCI DSS, and OWASP.
We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital or veteran status, medical condition or disability, or any other legally protected status. If you require a reasonable accommodation to complete an application for a recognized disability under applicable law, please email USApplicationAccommodation@support.lorealusa.com.