IT Application Security Manager

at  Unum

OUR STORY

Unum Technology Centre in Carlow serves as a strategic software development and IT services centre supporting Unum, a leading provider of income protection in the US. Our team of IT professionals build solutions and critical business applications to digitally transform the way we do business.

Our global security team act as a strategic advisor, managing information security standards and compliance in alignment with business priorities. We are looking for an Application Security Manager to help evolve a Security Software Group (CoE), in a DevSecOps environment, with a remit to;

• Provide Dev support for code testing and vulnerability resolution
• Create guidance for common remediations, general threats, secure coding practices
• Build security related services and security support such as libraries/SDKs
• Work Hand-in-Hand with Security Champions who are also App Dev Team members
• Work with Security Champions on Threat Modeling

The Manager role will also involve mentoring a number of Analyst and Engineers in our Irish office that work with our US colleagues in different IT security teams.

• Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments
• Supervise testing and validation in application security controls across projects
• Oversee implementation of defensive practices and countermeasures across infrastructure and applications
• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads
• Simplify automation that applies security inter-workings with CI/CD pipelines
• Serve as a point of contact for security-based escalations and remain tightly involved through resolution
• Build services and tools to enable developers and engineers to easily use security components produced by application security team members
• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle creating a robust DevSecOps environment.
• Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation
• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging
• Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds
• Join forces and provision security principles in architecture, infrastructure and code
• Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline
• Enrich DevOps architecture with security standards and best practices
• Partner with teams to define key performance indicators (KPIs) and metrics across business units
• Assist with providing daily work direction, technical leadership and mentoring for team members.
• Mentors and coaches team members, ensuring personal development plans are focused on enhancing skills and expertise
• Collaborate with other IT security leaders to help remove obstacles and roadblocks that impact the performance of the overall global IT security team
• Works with other IT security leaders to review the operation and effectiveness of resourcing programs within the organization and contributes ideas for changes and improvements
• Adapts to change, acts as a change agent, and works effectively in a dynamic environment.