Jobs · Finance · Maryland

Application Compliance & Security Lead

On-siteFinance$100k/yrFull-time

About the role

We are seeking an Application Security Leader to help ensure our applications meet industry security standards while enabling our developers to work efficiently. You will join our enterprise applications team as the primary authority on application security and CMMC compliance.

Responsibilities

  • Drive CMMC compliance strategy across our application portfolio, translating sophisticated requirements into actionable security controls that development teams can understand and implement.
  • Serve as the go-to resource for application teams on security and compliance matters, providing practical guidance on secure development practices and helping teams navigate CMMC, NIST 800-171, SSDF, and DFARS requirements.
  • Implement and maintain application security tooling including SAST, DAST, SBOM vulnerability analysis, container scanning, and dependency management, integrating these tools into CI/CD pipelines and DevSecOps workflows.
  • Guide service and project managers through compliance requirements with concrete, SDLC-relevant examples, evaluating data security needs and establishing realistic security boundaries.
  • Integrate security reviews into agile sprints, remove process bottlenecks by collaborating with GRC and InfoSec teams, and maintain compliance documentation for application security controls.
  • Train and mentor developers on secure coding standards, conduct security assessments to identify vulnerabilities.

Qualifications

  • Have a Bachelor’s degree in Computer Science, Information Technology, or similar technical majors.
  • Have 5+ years in cybersecurity, GRC, or compliance and DevSecOps.
  • Have solid knowledge of the CMMC framework, NIST SP 800-171, SSDF, and/or DFARS requirements, with proven ability to translate compliance frameworks into technical security controls.
  • Have software development experience in .NET, Java, Python, or similar languages with a solid grasp of the software development lifecycle.
  • Have experience implementing SAST, DAST, SCA, and SBOM tools such as SonarQube, Checkmarx, Veracode, Snyk, or OWASP ZAP.
  • Have experience integrating security into CI/CD pipelines using tools like GitLab CI or Azure DevOps, with strong DevSecOps and shift-left security principles.
  • Lead cross-team initiatives and influence without formal authority, with excellent communication skills for both technical and non-technical audiences.
  • Able to obtain a Secret level security clearance.

Similar jobs

Lead, Application Security

Prudential FinancialNewark, NJ· 2 wk ago
Information Technology$124k–$204k/yrapply on pru.wd5.myworkdayjobs.com