Director, Application Security
Remote job description
Director, Application Security
Want to work with fearless innovators, visionaries, and community-minded people who challenge the status quo? We do too.
Plex is more than a software company - we're a team of disruptors who are driving innovation and unlocking the promise and value of smart manufacturing.
It isn't a trend or a moment, it's a movement. And we're leading it, but we can't lead it alone.
That's where you come in.
Plex Systems, Inc.? delivers the first smart manufacturing platform, helping the world's leading innovators to make awesome products. Built in the cloud, the Plex Smart Manufacturing Platform includes MES, ERP, supply chain management, Industrial IoT, and analytics.
We believe that anything that can be made can be made better, and we are focused on finding the right people to help us achieve the big important tasks ahead.
Is that person you?
In support of our ongoing growth, we are looking for an Application Security Director. Reporting directly to the Plex CSO, you will provide technical leadership for our Security Development Lifecycle by establishing clear direction, a dynamic security culture, and measurable goals to continually improve our application security strategy.
In this hands-on role, you will oversee adoption of our SAST, drive risk-based timely remediation of gaps, ensure alignment to security NFRs, and audit for compliance to policy and external requirements. You'll approach application security with a pragmatic perspective of risk management and avoid purely academic thinking about software security.
WHAT'S YOUR IMPACT?
- Own the complete adoption of our SAST in the CI/CD pipeline and risk quantification and management of DAST and other relevant code-scanning results
- Work with development teams to ensure NFRS are built into new products from the design phase
- Work with engineering teams to make architectural decisions
- Support incident response as needed
- Manage penetration testing services
- Manage and track remediation activities in Confluence
- Evangelize security best practices within the development teams and build security expertise across the organization
- Develop KPIs and drive continuous improvement
- Look for training opportunities to continue building a best-in-class product development group
- Manage regular vulnerability remediation reviews with the product development teams and present weekly status reports to Plex CSO
IS IT IN YOU?
- A completed bachelor's degree in Computer Science, Software Engineering or related technical field is required
- 5+ years of progressively more complex AppSec
- Strong leadership skills and effective management of highly technical individuals
- In-depth experience with common security tools such as Sonarqube, WhiteHat and JFrog, across SAST, DAST, IAST, and PenTest vendors
- Advanced knowledge of OWASP Top 10 and CWE/SANS Top 25 listings as well as practical, hands-on experience with the development, testing, and remediation of software security issues
- Familiarity with agile development processes and experience integrating secure development best practices into an agile model, Microsoft SDL experience a plus
- Software engineering experience with Microsoft and/or Java web applications, specific experience with ASP.NET, Angular, and Apache/Tomcat a plus
- Familiarity with industry standards and regulations including but not limited to ISO27001 and NIST CFS
- Strong personal ethics and understanding of ethics in Application and Information Security
- CISSP strongly desired
WHAT'S IN IT FOR YOU?
We are proud to be recognized as one of the top workplaces in the tech industry. Our inviting culture fosters collaboration, innovation, and motivates team members to take on important work, every day.
In addition to all the benefits you'd expect from a world-class company like ours, we also offer Day One benefits, career growth and professional development opportunities, tuition reimbursement, unlimited paid time off, a wellness allowance to support your family's well-being, sustainable work-life balance, and flexibility. Our multiple office locations offer a casual-dress workplace, complimentary snacks and drinks, and "de-stress areas" complete with amenities in some locations like massage chairs, golf simulator, ping pong tables and more.
Plex values the power of diversity and inclusion - it isn't just a talking point for us. It drives our business and fosters fresh thinking, and is reflected in the individuals we hire, and the culture and community we've built to support them, such as our Women@Plex and Pride@Plex groups. As an equal opportunity employer, we welcome applicants of all types and from all backgrounds. Plex urges our employees to understand, accept, and celebrate the differences among people.
SOUND LIKE YOUR DREAM JOB?
EXCITED ABOUT PLEX BUT NOT THE RIGHT GIG?
Don't despair - your perfect fit is on its way! Stay connected, sign up for job alerts or submit a general application on the Plex Careers page.
Company name: Plex Systems
Remote job title: Director, Application Security at Plex Systems () (allows remote)
Job tags: security, agile, c#, owasp, asp.net