Find your next role

Description

The re:Cycle Reverse Logistics (RRL) organization offers worldwide cloud computing providers with a centralized means to sort, function test, in-warranty return, and disposition server and networking assets that break or are no longer needed in the fleet. The RRL Operations Integration team supports RRL’s operations by developing and administrating the warehouse operational processes, as well as the organization’s cloud-based software solutions, cross-service integrations, and cross-organizational relationships that make our processes and systems (used by 400+ operators worldwide) possible. The team is seeking a detail-oriented, forward-thinking, and self-motivated Application Security Manager to take ownership of the organization’s proactive application security programs, ensuring that the systems and integrations used to track RRL’s assets is consistently and proactively secured in the wake of ongoing system changes in a fast-evolving technological landscape.

The Application Security Manager is the organization's primary owner for application security across our global portfolio of three cloud-based solutions — responsible for establishing and sustaining the security posture of every application and integration our team owns. This is a net new role built on the belief that application security must be owned proactively, not reactively — by someone who hunts for vulnerabilities rather than waiting for them to surface. Our Application Security Manager will own penetration testing strategy and execution, vulnerability identification and resolution, security incident response, threat modeling, recurring security audits, and automated security tooling across all three applications. They will ensure that authentication mechanisms, credentials, and secrets are consistently maintained, and that all cross-organizational security commitments are honored. They will engage regularly with engineering and product teams to evaluate new feature designs and assess code for vulnerabilities before anything reaches production, and will partner with compliance and vendor management teams to ensure third-party integrations are reviewed and implemented securely.

Key job responsibilities
• Define and implement recurring penetration testing strategies to proactively identify application security vulnerabilities and drive them to resolution.
• Conduct application code review evaluations and provide detailed assessments that highlight risks, vulnerabilities, and recommended remediations.
• Manage application security incident response, analysis, root cause identification, and repair to minimize impact and prevent recurrence.
• Analyze cross-organizational integrations and automation equipment, and lead associated vendor, data, and security reviews from documentation through resolution, ensuring that only secured solutions are implemented.
• Develop and maintain organizational threat models to identify emerging risks and ensure the team consistently raises the security bar across all applications.
• Conduct recurring proactive security audits on application access points, configurations, integrations and upstream/downstream systems, and internal and shared resources to identify and resolve accessibility and data security risks.
• Develop formal documentation and security policies to effectively communicate our application security posture to a variety of internal and external stakeholders.
• Maintain application credential, authentication, and secret management mechanisms to ensure access controls remain robust and current.