Senior Director of Application Security (Hybrid) Kansas City, Missouri
Progressive Leasing is a leading provider of in-store and e-commerce lease-to-own solutions. As an almost 20+ year old FinTech company that has gone from start-up to industry leader, we know how to innovate, simplify, and value all people. We are a company founded on our grit and we are constantly looking to the future. As an ever-evolving group of entrepreneurs and technologists, we strive to do the right thing, period, in all aspects of our work. We are a subsidiary of PROG Holdings (NYSE:PRG), an exciting FinTech holding company, with three business segments including Progressive, Vive Financial, and Four, a Buy Now Pay Later (BNPL) platform.
We are currently hiring a Senior Director of Application Security (Remote) to help grow our company and ensure our mission is achieved!
This role is a work from home position and can be performed remotely anywhere in the continental US or in one of our corporate locations in Utah or Arizona.
Employee Value Proposition (EVP): PROG is dedicated to providing people with opportunity; opportunity for inclusive collaboration, opportunity for innovation, and opportunity for development.
WE ARE: Prog Tech embodies the modernity and transformational vision that is core to our business evolution. As passionate and hungry technical experts, we join together on the mission of progressing through technology. We believe in taking pride in our engineering, in the relentless pursuit of daily progress, and in bringing others with you in your march to the future. We continuously experiment, fail fast, and constantly deliver.
YOU ARE: A leader who works to provide engineering and product teams with the security expertise necessary to make secure application decisions. Our AppSec team manages our code vulnerability programs, including red teaming, manual review, and static and dynamic code analysis. You will not only bring leadership expertise to lead a transformational team, but will also have hands-on application security expertise.
- Own and execute the vision for Application Security across the company
- Accountable for the overall implementation of the Application Security Process
- Serve as a Trusted Partner to educate Development Teams on Security Best Practices
- Drive the process for identifying security vulnerabilities and for designing and executing remediation plans involving the acquisition, design, test, integration, and implementation of advanced security tools
- Develop security tools to find or fix security issues. Use both automated and manual testing tools to find and validate vulnerabilities in our applications
- Drive teams that execute programmatic scans, pen-testing, red/blue/purple teaming, offensive security testing, threat modeling and bug bounty programs
- Assist development and operational teams in the appropriate application of security best practices and the use of advanced security technologies
- Internally recognized as highly competent in security areas, will review and participate in benchmarking, installation, upgrade, configuration, deployment and testing activity
- Investigate innovative approaches to improve software security
- Working knowledge of Secure SDL
- Knowledge of SAST and DAST
- Review and consult on security risks of Mobile, Web, and Cloud stacks
- Provide executive summary reports of assurance metrics to leadership with a comprehensive inventory of the attack surface, the state of testing and defensive coverage of surfaces, and real-time accounting of open risks within each application
- Familiarity with industry changes in security standards, information governance, development standards, methods and emerging 3rd party security software in order to advise on security and leverage industry best practice in the design and construction of products
- Familiarity with regulatory requirements, security certifications, and Security/Privacy Design concepts
- Create a center of expertise and forum for common application security design and reuse
- Participate in the definition and documentation of security standards and best practices
- Demonstrated technical expertise and understanding of modern development, languages, and cloud platforms
- Minimum of five years' experience managing an SDL (Secure Software Development Life Cycle) that integrates security into all stages of the software development process for a large development organization
- Bachelor's degree in computer science or related discipline, or equivalent work experience
- Minimum of 10 years' experience in Information/Cyber Security field
- Minimum of 10 years' experience as a lead engineer or engineering manager or enterprise Tech solutions architect
YOU MIGHT ALSO HAVE:
- Master's degree in business or computer science is highly desired
- CISM, CISSP, OSCP, CEH preferred
- Demonstrated mastery of multiple security platform categories
- Demonstrated knowledge of secure build and configuration standards in a highly regulated environment
- Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with partner engineering and architecture teams across Tech
- Strong commitment to working as a team and providing excellent customer service
- Competitive Compensation; Eligible for STI + LTI
- Full Health Benefits; Medical/Dental/Vision/Life Insurance + Paid Parental Leave
- Company Matched 401k
- Paid Time Off + Paid Holidays + Paid Volunteer Hours
- Employee Resource Groups (Black Inclusion Group, Women in Leadership, PRIDE, Adelante)
- Employee Stock Purchase Program
- Tuition Reimbursement
- Charitable Gift Matching
- Job required equipment and services
Progressive Leasing welcomes and encourages diversity in the workplace. We do not discriminate in any aspect of employment on the basis of race, color, religion, national origin, ancestry, gender, sexual orientation, gender identity and/or expression, age, veteran status, disability, or any other characteristic protected by federal, state, or local employment discrimination laws where Progressive Leasing does business.