Application Security Manager (398291)

Foundever
Full-time
On-site
Lisbon, Portugal

Job Category: DevOps / Sysadmin

About Foundever®

Foundever™ is a global leader in the customer experience (CX) industry. With 170,000 associates across the globe, we’re the team behind the best experiences for 750+ of the world’s leading and digital-first brands. Our innovative CX solutions, technology, and expertise are designed to support operational needs for our clients and deliver a seamless experience to customers when it matters.

The Role

The Application Security Manager will be responsible for the architecture and engineering aspects of embedding security into the day-to-day activities of the software engineering teams. This ensures the systems developed comply with applicable security policies, regulations, and industry standards.

The position involves identifying and reporting vulnerabilities in internally developed applications and their supporting infrastructure. It also includes researching threats and attack vectors that impact web, enterprise, and mobile applications. With a focus on turning vulnerabilities into actionable opportunities to improve the security posture of products and systems, the position will assist the Product Engineering and IT teams in remediation efforts and creating appropriate processes to reduce the number of vulnerabilities early in the development phases. This position will also serve as the point of contact for any security engineering-related items for the region where it is located.

This role can be located in Portugal or the LATAM region.

Responsibilities (What You’ll Do)

  • Demonstrate skills in Cyber Security and associated compliance regulations and industry standards, including SSAE18, PCI-DSS, ITIL, ISO 27001, COBIT, and NIST 800-53.
  • Conduct reviews of existing application code and implementations, recommending industry best practices. Analyze multiple instances of vulnerability patterns to eliminate existing risks through the development of policies and processes.
  • Support application security initiatives to ensure software applications do not pose information risk to the company, developing and updating security patterns aligned with security requirements.
  • Support AI initiatives, ensuring the secure implementation of the technology.
  • Partner with teams to deliver security risk assessments, manual/automated/external penetration testing, automated security testing, threat modeling, and education on secure coding.
  • Integrate Static and Dynamic Application Security Testing and reporting into the SDLC to ensure that new applications or applications undergoing a major change are assessed for vulnerabilities before production implementation.
  • Create functional and non-functional security requirements, including delivering secure cloud services that strike a balance with product usability.
  • Use project management skills to organize, drive, and execute initiatives.
  • Demonstrate collaboration with all global technology functions to ensure ongoing education, awareness, and execution align with the Security Engineering Roadmap.
  • Demonstrate the ability to drive security conversations based on factual data.
  • Demonstrate experience working in a complex global environment and being a security change agent to drive improved security controls and operations.
  • Develop a Disaster Recovery strategy, partnering with technology to design, implement, and operate regional disaster recovery models and plans for applications.
  • Work closely with the Global Director of Security Engineering on the development of functional goals and objectives.
  • Be seen as a functional leader and resource within the company and security technical lead for the region.
  • Support other areas in global security, including investigations, risk assessments, and new projects as required.
  • Support the approval process for requirements from internal and external clients.

Skills and Qualifications

  • Bachelor's Degree in computer science, engineering, business, or a related field, and/or equivalent field experience.
  • Fluent in English, both written and verbal; bilingual a plus.
  • 5+ years of increasingly diverse or complex experience in Cyber Security within a global environment.
  • 3+ years of professional development or application security experience.
  • Experience working in an ITIL environment.
  • People management skills and proven experience leading diverse teams both on and offshore.
  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Experience with application tools (DAST, SAST, IAST, RASP, WAF, etc.) and building strong vendor relationships.
  • Previous application security testing or incident response experience, including documenting vulnerabilities, findings, or incidents.
  • Understanding of ISO 27001 processes and practices.
  • Ability to create business strategies and business cases.
  • Understanding of financial drivers and strong P&L experience.

Preferred Qualifications

  • Prior call center experience is highly advantageous, given the specialized security environment that will be managed.
  • CISSP (Must be obtained within 2 years of being in the role).