Application Security Manager

Chicago, IL /
Chicago Headquarters – Security /
Take your career to new heights working with an amazing company doing next level work in the FinTech industry.  At Amount we have a thriving culture and possess a truly entrepreneurial spirit.  We value innovation and individual voices, we are committed to active inclusion and diversity, and we support each other's growth.   Most importantly, we’re always ready to hustle!

About Us
Amount is a technology company focused on accelerating the world’s transition to digital financial services. We create technology experiences that help financial institutions better understand their customers while enabling them to live their best financial lives. We aim to make it easier for financial institutions to provide greater access and smarter tools, so everyone has the opportunity to tackle the financial challenges they face. Our technology is shaping the future of financial services by enabling our partners to better understand and serve their customers, and we are looking for talented team members to join us on the journey.

Amount is seeking an Application Security (AppSec) Manager. The right candidate for the role is someone that has the ability to manage application security program, guiding the development teams to adhere to secure development lifecycle principles, integrating Application Security into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, specialized testing and release scanning. The AppSec Manager’s core responsibilities include managing a team of application security analysts/engineers performing triage of application risks and vulnerabilities, drive organization change, drive expansion of application security architecture reviews, assessments and threat modeling against various threat vectors.

If you’re ready to thrive in a fast-paced environment, come join an organization with visionary leadership and FinTech disruptors.  With your help, we will continue to reinvent banking by helping our Amount platform partners innovate and digitize their banking products and services!

What you’ll work on:

    • Lead a team responsible for conducting static code analysis (SAST), dynamic analysis (DAST), and IAST threat modeling, and manage our secure system development lifecycle program.
    • Execute on our secure software development strategy for the enterprise.
    • Manage and drive automation to integrate Application Security into teams across the enterprise.
    • Partner with engineering teams across the company to design, develop, and implement security solutions to identify and close security gaps for the Amount platform built and deployed in AWS cloud.
    • Build strong relationships with Amount’s technical teams and promote a culture of security awareness and ownership.
    • Provide support and expert application security guidance during partner audits/assessments.
    • Define risk-based approach enabling teams to make the right security decisions and priorities.
    • Identify gaps in existing security architecture and design and recommend changes or enhancements.
    • Develop/maintain procedures to perform Code Reviews to assess potential security vulnerabilities.
    • Provide hands on security training and secure coding best practices to developers.

Why you are a fit:

    • 7+ years’ of relevant experience related to IT Security to include at least 4+ years’ secure coding or serving an application security role in a production environment.
    • Demonstrates expertise in multiple security specialties related to securely coding applications and technical platforms along with strong understanding of the technical architecture of the organization.
    • Possesses strong understanding of diverse security practices along with IT risk management concepts and applies them effectively when coding security solutions.
    • Hands on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP 10 and SANS 25.
    • Well versed in secure coding techniques and cloud security.
    • Strong secure web application development skills.
    • Proficient with relevant application security testing tools such as Contrast, Burp, and OWASP ZAP.
    • Very strong knowledge of application security threats, secure software development, and software development concepts.
    • Familiarity with Systems Lifecycle Development (SDLC) best practices.
    • Demonstrated excellence in providing superb customer service.
    • Strong communication skills (written, verbal, and listening).
    • Proven leadership experience and the ability to interface with all levels (executive to entry level).
    • Experience with continuous build and deployment systems.
    • Experience utilizing Cloud Platform as a Service.
    • Build tools and automation that enable Coupang developers to easily consume security services delivered by the security team.
    • Experience with Scrum/Agile software development.
    • Experience with public cloud environments and technologies, including Amazon Web Services (AWS) or other.
    • Experience in DevOps environments and automating security controls into the CI/CD process.
    • Experience with Jenkins or other CI tools and knowledge of technologies like containers and microservices.
    • Development experience in Python, Java, JavaScript, or Ruby.
Our values:

Optimistic: We believe technology has the power to improve the financial lives of everyone. 
Teamwork: We make the best technology work for our clients by working together. 
Risk Aware: We understand the impacts of each and every decision we make in our high risk industry. 
Integrity: We work honestly and undivided in our commitment to make more possible. 
Eager: We are self-starters, fully engaged and committed to pushing great ideas forward quickly and responsibly.
Respectful: We honor diversity, value inclusion, and create an environment of belonging for people of all backgrounds. 
Committed: We are dedicated to the highest standard for our partners, their customers, and our people. 
Curious: We seek to understand the core of each problem, enabling us to find the right solution. 

Benefits and Perks:

-Take the time you need when you need it through our Flexible PTO with open vacation policy.
-Enjoy a daily lunch subsidy through our Fooda partnership, and healthy snacks!
-We also offer monthly treats, wine and beer on tap, and more! 
-Some days it can be difficult to commute into the office, we are happy to offer work from home flexibility with sign off from your manager. 
-Stay active by taking advantage of our onsite gym membership
-We offer medical, dental, and vision - we also have an Employee Assistance Program and commuter benefits.
-We are proud to offer meaningful equity and a competitive 401k plan.  
-Short-term disability, long-term disability, and life insurance are options too!