Application Security, Senior Manager

Key Role:

Establish and grow Booz Allen's Application Security practice, part of the Commercial Consulting Team.Define the Application Security team's direction, standards and requirements for services and solutions sold to Booz Allen Commercial customers. Enable businesses to understand risks and overall security posture of their application constructs. Educate and influence client software engineering teams on cybersecurity best practices. Assist clients to establish Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) relevant to their product and market goals around cybersecurity assurance.Work proactively with leaders across all levels to design, implement and support solutions that ensure clients have a secure-by-design and best practice approach across the full application security lifecycle in addition to working jointly with leaders across application development, technical and enterprise architecture, software reliability and cybersecurity to ensure application architectures and designs properly consider security best practices.Lead, hire and inspire teams of Application Security Engineers and Architects to perform security posture assessments of development and operational systems, provide recommendation and remediation plans along with development, implementation, and support of operational models supporting solutions and services meeting client requirements. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications

• 3+ years of experience with leading technical teams in an Application Security field

• 5+ years of experience with application development and developing, architecting, and implementing software security solutions

• Experience with managing across SDLC, including vulnerability management considerations and modern development tools and frameworks

• Experience with software security assessment benchmarking using industry standard frameworks such as OWASP SAMM

• Experience with the integration of common infrastructure security technologies and solutions into business solution architectures

• Experience developing and securing software with code scanning tools and CI/CD pipelines

• Knowledge of OWASP Top 10 Vulnerabilities and prevention techniques and technology, security, risk, and compliance best practices

Additional Qualifications

• Knowledge of common security frameworks including OWASP and NIST

• Ability to create collaborative relationships with colleagues and influence without authority

Compensation:

At Booz Allen, we celebrate your contributions, provide you with opportunities and choices, and support your total well-being. Our offerings include health, life, disability, financial, and retirement benefits, as well as paid leave, professional development, tuition assistance, work-life programs, and dependent care. Our recognition awards program acknowledges employees for exceptional performance and superior demonstration of our values. Full time and part time employees working at least 20 hours a week on a regular basis are eligible to participate in Booz Allen's benefit programs, individuals that do not meet the threshold are only eligible for select offerings, not inclusive of health benefits.

Salary for this position is determined by various factors, including but not limited to, location, the candidate's particular combination of knowledge, skills, competencies and experience, as well as contract specific affordability and organizational requirements. The proposed salary range for this position is outlined below.

Colorado: $117,100 - $240,500 (annualized USD)

New York (including New York City): $123,300 - $286,300 (annualized USD)

We're an equal employment opportunity/affirmative action employer that empowers our people to fearlessly drive change - no matter their race, color, ethnicity, religion, sex (including pregnancy, childbirth, lactation, or related medical conditions), national origin, ancestry, age, marital status, sexual orientation, gender identity and expression, disability, veteran status, military or uniformed service member status, genetic information, or any other status protected by applicable federal, state, local, or international law.