Stanley Black & Decker, Inc.

Stanley Black & Decker, Inc., New Britain, CT, United States, 06051

Application Security Lead, Cyber Security

Stanley Black & Decker, Inc. – New Britain, CT, United States – Hybrid

Come build something that matters. It takes great people to achieve greatness. People with a sense of purpose and integrity. People with a relentless pursuit of excellence. People who care about making things better For Those Who Make The World.

The Job: As Application Security Lead, Cyber Security, you’ll be part of our Tools & Outdoor team and will be working as a Hybrid employee. You will play a critical role in ensuring the security of a variety of SBD applications.

Responsibilities:

  • Conduct security assessments and penetration testing of web and mobile applications using tools such as Burp Suite.
  • Identify, analyze, and prioritize security vulnerabilities in applications and provide actionable recommendations for remediation.
  • Collaborate with development teams to integrate security best practices into the Software Development Lifecycle.
  • Utilize Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning tools to automate security testing and improve the efficiency of vulnerability detection.
  • Manage the vulnerability lifecycle, including identification, assessment/verification, mitigation assistance and remediation status tracking.
  • Work with cross-functional teams to ensure timely and effective remediation of identified vulnerabilities.
  • Stay up-to-date with the latest security threats, trends, and technologies, and proactively apply this knowledge to enhance our security measures.
  • Develop and maintain security documentation, including security policies, standards, procedures, best practices/recommendations and guidelines.
  • Educate and train development teams on secure coding practices and securing against the OWASP Top 10 vulnerabilities.
  • Participate in incident response activities and exercises, including assisting in the initial investigation, pre- and post-mortem reporting, and resolution of security incidents, as well as assisting in documenting lessons learned to enhance security procedures for the future.

Requirements:

  • Bachelor’s degree in Computer Science, Information Technology, or a related field.
  • Hands-on experience with penetration testing tools and creating meaningful reports to present to internal stakeholders of varying technical backgrounds.
  • Proven experience in application security, with a strong understanding of the NIST Cybersecurity Framework, OWASP SAMM, OWASP ASVS security requirements and the OWASP Top 10 vulnerabilities and their remediation.
  • Proficiency in using Application Security Testing tools: SAST, DAST, SCA, secret scanning.
  • Strong knowledge of vulnerability management processes, the stages of the secure development lifecycle process, common attack types and remediation techniques.
  • Excellent problem-solving skills and attention to detail.
  • Strong communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders through both executive-level summary reports and detailed technical reports.
  • Relevant certifications such as CSSLP, CISSP, CISM, CEH, or OSCP are a plus.

What We Offer:

  • Competitive salary and a great benefits plan including medical, dental, life, vision, wellness program, disability, 401(k), Employee Stock Purchase Plan, paid time off, and tuition reimbursement.
  • Discounts on Stanley Black & Decker tools and other partner programs.
  • Opportunities to grow and develop your skills along multiple career paths.
  • Access to a wealth of learning resources, including our digital learning portal.
  • A diverse and inclusive culture that respects and embraces differences.
  • Purpose-driven company that makes positive changes locally and globally through volunteerism, giving back, and sustainable business practices.

EEO Statement: All qualified applicants to Stanley Black & Decker are considered for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran’s status or any other protected characteristic.
