Spectrum - Greenwood Village, CO
posted 3 months ago
This position will be responsible for running, maturing, and growing the Charter / Spectrum Application Security Scanning program. The individual will actively identify, evaluate, and implement industry-leading application security tools and techniques. This role involves maintaining and updating application security processes and procedures, mentoring other engineering members of the team, and validating scan results for accuracy and completeness. The successful candidate will demonstrate application security scanning subject matter expertise across system, application, container, and cloud workloads, with a preference for AWS environments.

The responsibilities include evolving, expanding, and operating the Spectrum Application Security activities within the Vulnerability Management team. The individual will provide executive-level communication of Vulnerability Management information to system owners, executive stakeholders, and security management. They will also develop and publish Key Performance Indicators (KPIs) that monitor the efficacy of Vulnerability Management activities. Analyzing the results of application scans, understanding the results, eliminating false positives, and advising on coding best practices are critical components of this role.

Additionally, the candidate will develop best practices for detecting and remediating secrets, including API keys and other credentials, and maintain effective processes and procedures for Static and Dynamic code analysis (SAST/DAST), Software Bill of Materials (SBOM), and Software Composition Analysis (SCA). A thorough understanding of web application security concepts, principles, and guidelines, such as OWASP, is essential. The role requires collaboration with all levels of the business and adherence to industry-specific local, state, and federal regulations, as applicable.