Application Security Manager (R00080572_San Jose)
We are a global collective of innovators applying the New every day to improve the way the world works and lives. Help us show the world what’s possible as you partner with clients to unlock hidden value and deliver innovative solutions. Empowered with innovative tools, continuous learning, and a global community of diverse talent and perspectives, we drive success in a new business architecture that disrupts conventional practices. Our expertise spans 40+ industries across 120+ countries and impacts millions of lives every day. We turn ideas into reality.
Accenture Security delivers continuous, rapid-fire innovation and new business capabilities that meet —and redefine—the needs of the digital era. You’ll help our clients—including 94 of the Fortune 100 and governments around the world—transform their technology infrastructures using resources that range from cloud, data centers, and workplace to networks, security, and managed services.
Application Security professionals sell, assess, define, implement and/or support world-class application security solutions for Accenture or our clients, spanning simple IT projects to large-scale, enterprise-level programs.
A strong background in the secure development and delivery of software products and services is a significant bonus.
The Work (Role Responsibility)
The Application Security Manager assists teams, create/evangelizes/sells solutions, and provides consultative guidance to help clients implement traditional Application Security capabilities as well as modern DevSecOps solutions that accelerate secure product development in both on-premise and cloud environments. Engagements range from short-term assessments to large-scale, enterprise transformations. Application Security solutions may involve program development, governance, enablement, cloud services, application containers, container orchestration services, and serverless cloud functions. The Security Consultant will assist with client workshops, oversee client engagements, and provide consultative guidance to help clients implement Application Security capabilities that accelerate secure product development in both on-premise and cloud environments. The Security Consultant will also assist with Application Security assessments of client methodologies and architectures and define solutions that produce tailored solutions and operating models inclusive of target state people, processes, tools, and technologies.
- Lead efforts to develop proposals and evangelize/market/sell solutions in the Secure Application Development domain
- Partner with Leaders and Account Team members to support innovation, growth, and business development activities
- Cultivate opportunities to grow business from existing client engagements
- Oversee the health and successful delivery of client engagements
- Help clients achieve the benefits that Application Security, DevSecOps, and a Shift Security Left methodology can offer
- Leverage skills, experience, and subject matter expertise to serve clients in a consultative role as well as in a technical capacity
- Assist with the design, development, and rollout of Application Security programs, capabilities, and practices that typically involve the integration of security into building automation, deployment automation, test automation, SDLC orchestration, environment management, monitoring, metrics, dashboards, and production release procedures
- Drive adoption of relevant Secure Application Development principles, tools, and practices to help clients achieve higher levels of maturity
- Mentor, coach, supervise and develop team members
- Provide knowledge transfer and earning opportunities for team members to enhance their skills and experience
- Promote a Secure Application Development culture in our clients and within Accenture
- Lead efforts to identify, interview and hire talented professionals into the Secure Application Development domain
For now, all Accenture business travel, international and domestic, is currently restricted to client-essential sales/delivery activity only.
Please note: The safety and well-being of our people continue to be the top priority, and our decisions around travel are informed by government COVID-19 response directives, recommendations from leading health authorities, and guidance from a number of infectious disease experts.Qualifications
- Minimum of 5 years of experience managing medium to large-sized IT teams and IT projects
- Minimum of 5 years of experience working with secure development methodologies and tools, such as SAST, SCA, DAST, and/or Penetration Testing Tools
- Minimum of 3 years of experience leading DevOps-based software development teams that involved
- Working in an Agile development environment, with an end-to-end understanding of the SDLC
- DevOps CI/CD tools such as Git, Jenkins, Ant/Maven/Gradle, Nexus/Artifactory, SonarQube, Puppet/Chef/Ansible, etc.
- Application container tools and technologies such as Docker, Kubernetes, Image Registries, or equivalent cloud services
Bachelor's degree or equivalent (minimum 12 years work experience). If Associate’s Degree must have equivalent minimum 6-year work experience.
- The candidate is not expected to have all the skills listed in this category, but the items on this list are a definite bonus
- Solid understanding of the end-to-end secure software development life cycle (S-SDLC)
- Familiar with one or more software security frameworks and maturity models such as OWASP, NIST, BSIMM, OpenSAMM, etc.)
- A strong desire to facilitate and pursue training, education, and certifications that support professional growth as a Subject Matter Expert (SME) in Application Security
- Degree/experience requirements: A Bachelor of Science Degree in a technical concentration (Math, Engineering, Computer Science, Cyber Security) is preferred, but candidates with non-technical degrees or without degrees will be considered by demonstrating extensive relevant experience in Information Technology and Security which supports expertise in the skills needed to execute this role.
- Ability to travel up to 100%, but more typically Monday through Thursday at client locations (when business travel resumes – current work is 100% remote)
- Solid understanding of the end-to-end secure software development life cycle (S-SDLC)
- Experience designing, developing, deploying, and securing web and cloud-native applications
- Experience with Lean, Agile, and DevOps methodologies
- Experience with DevOps CI/CD tools, capabilities, and security integrations.
- Experience with one or more Infrastructure as Code tools and technologies such as AWS CloudFormation Templates, Azure Resource Manager Templates, Google Cloud Deployment Manager Templates, OpenStack Heat, Terraform, Ansible, etc.
- Experience performing application security assessments that involve threat modeling, security testing, and vulnerability management and remediation
- Experience with at least 1 of the following: Amazon Web Services, Microsoft Azure, Google Cloud Platform
- Cloud Certification (Practitioner, Security, Developer, Architect)
- Industry-recognized certification in security (e.g., CISSP, CSSLP, CASE, CEH, etc.)
- Bonus – Experience with one or more of the following technologies: cloud computing, Infrastructure-as-Code, application containers (Docker, OpenShift or equivalent, image registries), container orchestration (Kubernetes, Docker Swarm or cloud equivalent), container security tools (Aqua Security, Twistlock, NeuVector, jFrog Xray, Clair, Sysdig, etc.), microservices, identity and access management, secrets management (such as Hashicorp Vault)
As required by Colorado law under the Equal Pay for Equal Work Act, Accenture provides a reasonable range of compensation for roles that may be hired in Colorado. Actual compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific office location. For the state of Colorado only, the range of starting pay for this role is $152,000 to $190,000 and [Register to View]
Equal Employment Opportunity Statement
Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.
For details, view a copy of the [Register to View] .
Requesting An Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 [Register to View] , send us an [Register to View] or speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.