Application Security Manager Workday
Pleasanton, CA

Job Description

Join our team and experience Workday!

It's fun to work in a company where people truly believe in what they're doing. At Workday, we're committed to bringing passion and customer focus to the business of enterprise applications. We work hard, and we're serious about what we do. But we like to have a good time, too. In fact, we run our company with that principle in mind every day: One of our core values is fun.

Job Description

Position Overview

Are you excited about security and the cloud? Are you proficient in broad & deep application security skills? Do you enjoy people management while working in a fast-paced environment? Join us at Workday for an exciting and challenging new role. We are looking for a Manager of Application Security to help us make sure that our software is built securely from the ground up.

In this role, managing a team of application security engineers, you will own the entire application security lifecycle and be responsible to align and drive security practices into every phase of the SDLC across the company.

Responsibilities

* Manage a team of application security engineers
* Drive activities like application security training, requirements & standards, threat modeling, static & dynamic security testing and so on, into Workday's development processes
* Identify, prioritize and promote security practices that create the most impact in reducing overall security risk of the application
* Build and grow the team to its next level of maturity
* Mentor and guide the security engineers in their growth, acting as a role model and providing hands-on support when needed
* Provide application security guidance and oversight across Security, Development & Operations teams
* Influence the design and implementation of upcoming products and services with security by default mindset
* Using a risk-based approach, advocate for and help prioritize remediation of security findings
* Work with leadership to define goals, roadmaps & prioritize work
* Develop and report metrics measuring the state of application security program
* Stay connected with the broader security community and research areas of investment or improvement

Minimum Qualifications

* BA/BS in Computer Science or a closely-related degree (MS preferred)
* 10+ years of relevant industry experience, with 5+ years of hands-on technical leadership and 3+ years of people management experience
* Experience working with distributed teams and other cross-functional stakeholders
* Hands-on working experience with securing web applications
* Strong knowledge of secure design practices and common software vulnerabilities such as CWE top 25 and OWASP top 10
* Development experience in one or more of these technologies: Java, Scala, Ruby, or Python
* Experience driving application security in an Agile, CI/CD and cloud environments such as AWS
* Proactive, organized, analytical, detail-oriented and persistent