The Sr. Application Security Manager is responsible for the oversight of the security components of web application projects, ensuring adherence to both internal standards and external regulations. This role will manage, track and drive remediation of application security risks, collaborate with development teams, and utilize project management tools effectively to ensure timely execution and compliance. The position plays a critical role in helping to ensure that the company’s risk-taking entit... more details
Job Number 24085130 Job Category Information Technology Location Marriott International HQ, 7750 Wisconsin Avenue, Bethesda, Maryland, United States VIEW ON MAP Schedule Full-Time Located Remotely? Y Relocation? N Position Type Management JOB SUMMARY The Sr. Application Security Manager is responsible for the oversight of the security components of web application projects, ensuring adherence to both internal standards and external regulations. This role will manage, track and drive remediation of application security risks, collaborate with development teams, and utilize project management tools effectively to ensure timely execution and compliance. The position plays a critical role in helping to ensure that the company’s risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, or avoid risks altogether. CANDIDATE PROFILE Education and Experience Required: Bachelor’s degree in Cybersecurity, Computer Sciences or related field or equivalent experience/certification 7+ years of progressive information technology/information security experience with several years of team leadership or supervisory/management experience 3+ years of experience with Application Security testing methodologies (SAST, DAST, IAST, MPT) 2+ years’ experience working in programming languages such as Java, C++, Go, PHP 2+ years’ experience with JavaScript and at least one JavaScript framework (e.g., Angular, React, Vue) 1+ years hands-on experience with: OWASP ASVS and OWASP WSTG and their applications to large enterprise environments MITRE CVE, CWE, CAPEC and ATT&CK Performing secure code reviews, issue triage and determining the efficacy of remediation approaches. Experience with common GitHub operations (e.g., cloning, branching, merging, pull requests) Experience with JIRA and ServiceNow Preferred: Master’s degree in Cybersecurity, Computer Sciences or related field or equivalent experience/certification Current information security certification, including: GPEN, GWAPT, OSCP, OSWE Certified Scrum Master (CSM) and/or Project Management Professional (PMP) Demonstratable working knowledge of common risk management frameworks such as: FAIR, NIST RMF, MITRE TARA, OCTAVE Technical leadership experience in a highly regulated environment Project management skills with a demonstrated ability to work independently and with others Software engineering background with a focus on web application development Demonstratable working knowledge of SAFe practices, principals, and roles. Experience using the following security tools: GitHub Advanced Security (CodeQL, Dependabot, Secret Scanner), Tenable.io, Aqua CSP and Contrast Asses. CORE WORK ACTIVITIES Application Security Risk Management & Tracking Conducts assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assesses the level of risk, and develop and/or recommend appropriate mitigation countermeasures. Assesses and prioritize security risks associated with applications and develop risk mitigation strategies. Monitors and evaluates emerging threats and vulnerabilities, recommending proactive measures to mitigate risks. Continuously monitors application security risks, ensuring timely follow-ups on identified vulnerabilities and implementing effective solutions. Develops and implements security metrics that provide insights into the effectiveness of security measures, track progress, and identify areas for improvement. Maintains effective communication with all stakeholders, providing regular updates on risk status, project progress, and compliance through concise reports and presentations. Articulates complex security concepts in easy-to-understand language to both technical and non-technical stakeholders . Leads and mentors a team dedicated to application security, promoting continuous learning and improvement in secure coding practices and risk management. Stays current on emerging cyber and technology threats and potential implications. Coordinates program-related activities and deliverables to ensure effective collaboration within the team and across stakeholder groups. Adapts self and team to a rapidly changing organization Provides strategic leadership and collaborates to manage the organization’s Cybersecurity risk oversight initiatives Provides subject matter expertise in cybersecurity, to include maintaining and sharing knowledge of current and emerging cyber risk management practices and tools. Advocates for policy changes and creates business cases on behalf of the company via a wide range of written and oral work products. Managing Projects and Priorities Develops specific goals and plans to prioritize, organize, and accomplish work for self and direct reports. Provides direction and assistance to other teams regarding projects. Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule. Analyzes information and evaluates results to choose the best solution and solve problems. Thinks creatively and practically to develop, execute and implement new plans or programs. Generates and provides accurate and timely results in the form of reports, presentations, etc. Plans, develops, implements, and evaluates the quality of the teams’ operations. Provides recommendations to improve the effectiveness of processes or programs. Understands and meets the needs of key stakeholders. Supports achievement of performance goals, budget goals, team goals, etc. Leading Discipline Team Champions leaders’ vision for product and service delivery. Works with direct reports and peers to develop and implement strategies and goals. Communicates a clear and consistent message regarding goals to produce desired results. Makes and executes the necessary decisions to keep team moving forward toward achievement of goals. Provides targeted and timely communication of results, achievements and challenges to direct reports, peers, and leaders. Managing and Conducting Human Resources Activities Interviews and hires employees. Promotes the fair and equitable treatment of employees. Facilitates regular, ongoing communication in department (e.g., staff meetings). Fosters employee commitment to providing excellent service, participates in daily stand-up meetings and models desired service behaviors in all interactions with customer and employees. Incorporates customer satisfaction as a component of staff/operations meetings with an emphasis on generating innovative ways to continually improve results. Sets goals and expectations for direct reports using the performance review process and holds staff accountable for performance goals. Solicits employee feedback. Utilizes an “open door policy” and reviews employee satisfaction results to identify and address employee problems or concerns Promotes adherence to policies consistently, follows disciplinary procedures and documents items according to Standard and Local Operating Conducts annual performance appraisal with direct reports according to Standard Operating Procedures. Champions change ensures brand and regional business initiatives are implemented and communicates follow-up actions to team as necessary. Identifies talents of direct reports and their teams and assists with their growth and development plans. California Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. Colorado Applicants Only: The salary range for this position is $96,038.00 to $190,154.00 annually. Hawaii Applicants Only: The salary range for this position is $116,205.00 to $209,169.00 annually. New York Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. Washington Applicants Only: The salary range for this position is $96,038.00 to $209,169.00 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus. Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually. All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others. Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions. The application deadline for this position is 28 days after the date of this posting, 5/15/2024. Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law. Marriott International is the world’s largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.