Job Location: United States : North Carolina : Cary
As a part of the Cyber Security function, the Director, Application Security role leads the global program to advance the state of application security protection at MetLife by providing strategic and technical leadership for all aspects of the program covering thousands of applications across the globe for MetLife. The security program span across multiple geographical locations and enterprise functional areas, the program components include application security standards/procedure, proactive risk mitigation programs, early lifecycle risk identification, vulnerability identification & management and also application risk management.
The successful candidate will collaborate with globally distributed development teams to apply best in class practices and technology solutions for securing a very diverse set of applications. As the security and compliance landscape continues to evolve, he/she will continue to refine and improve the program in a strategic manner to ensure the application security program at MetLife continues to function as effectively and as securely as possible.
- Define and promote the best practices in secure development to the developer globally and continually refine the secure coding standards in conjunction with the development and architecture teams.
- Govern the implementation of application security program across MetLife globally. Collaborate with large group of stakeholders to maintain and improve the efficiency and effectiveness of the application security program which includes the continuous global delivery of multiple program components by directly and indirectly managed teams and third party providers.
- Manage and maintain a large scale application testing effort which includes internal resources, 3rd party vendors, processes and tools for servicing all of MetLife’s global applications. Continually refine the application security testing requirements, methodologies and workflow.
- Steer the remediation efforts of application vulnerabilities, providing guidance and coaching where necessary to development teams on the best approaches with vulnerability remediation activities.
- Provide visibility to the state of application security in the organization via metrics reporting and internal briefings, also to liaise with external/internal auditors on application security subjects.
- 10 years+ of experience in application security related areas with in-depth knowledge of managing resources and projects globally
- Prior experience in a global multiple stakeholders environment is a requirement
- Knowledge on the discovery of vulnerabilities in applications, including the technologies, methodologies and enterprise workflow to support the activities
- Industry certifications such as GWEB, GWAPT, CSSLP, CISM strongly preferred
- Advanced understand of traditional software development lifecycles and more recent models of Agile and DevOps
- In-depth technical knowledge on securing applications including the strategic and tactical fixes for common vulnerabilities and competent knowledge with industry standards in application security such as the SANS SWAT checklist and OWASP Top 10
- Experience in driving application security remediation at enterprise scale with diverse stakeholders
- Experience with IT process excellence and six sigma/lean certification preferred
At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.
MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.
For immediate consideration, click the Apply Now button. You will be directed to complete an on-line profile. Upon completion, you will receive an automated confirmation email verifying you have successfully applied to the job.
Requisition #: 43081
A little about us:
MetLife offers life insurance, disability income insurance, car insurance, employee benefits and more.