Application Security Engineering Technical Director
Caesars Entertainment · Las Vegas, NV · 1 mo ago
RemoteRemoteInformation TechnologyFull-time
Responsibilities
- Develop and implement a comprehensive application security strategy aligned with business objectives, focusing on automation and proactive security measures.
- Lead, mentor, and grow a small team of application security engineers, fostering a culture of innovation, collaboration, and continuous improvement.
- Champion the "shift left" security philosophy, embedding security considerations early in the SDLC.
- Drive the implementation and optimization of automated security testing tools and processes, including SAST, DAST, SCA, and IAST.
- Integrate security testing seamlessly into CI/CD pipelines, enabling continuous security monitoring and remediation.
- Lead the evaluation, selection, implementation, and optimization of new application security technology solutions.
- Evaluate and manage relationships with security tool vendors, ensuring optimal performance and cost-effectiveness.
- Mentor and guide junior application security engineers, providing technical expertise and fostering professional development.
- Collaborate with cross-functional teams to continuously improve application security processes, tools, and workflows.
- Identify opportunities to enhance the identification, assessment, and remediation of software issues and vulnerabilities.
- Develop and implement scripts and workflows to streamline operations and reduce manual effort.
- Stay current with emerging security threats, software development practices and platforms, software vulnerabilities, and industry best practices.
- Closely partner with development teams to drive secure coding practices and application security principles.
- Effectively communicate complex technical issues to both technical teams and non-technical stakeholders.
- Prepare and deliver reports, dashboards, and presentations to leadership and other departments.
- Build strong relationships with IT, DevOps, and business units to ensure alignment on security objectives.
Qualifications
- 10+ years of experience in Cybersecurity or a related technology risk role, with a focus on engineering and application security.
- 5+ years of experience in a leadership role, managing and mentoring security and/or engineering teams.
- Proven experience in software development, with a strong understanding of secure coding practices and software architecture.
- In-depth knowledge of application security principles, including threat modeling, vulnerability assessment, and secure code review.
- Hands-on experience with security tools such as static and dynamic analysis tools, penetration testing frameworks, and security monitoring solutions.
- Strong experience integrating security testing into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps.
- Proficiency in scripting languages (e.g., Python, Bash) and infrastructure-as-code tools (e.g., Terraform, CloudFormation).
- Knowledge of cloud security principles and best practices (AWS, Azure, GCP).
- Relevant certifications such as AWS Certified Security Specialty, CISSP, GCIH, or GCED are preferred.
- Proven ability to mentor, lead, and develop application security engineers.
- Excellent verbal and written communication skills; ability to present technical concepts clearly.
- Strong teamwork skills and the ability to work with diverse teams across the organization.
- Analytical mindset with the ability to troubleshoot complex security issues.
- Ability to thrive in a fast-paced and evolving cybersecurity environment.