[Remote] Director Application Security Engineering
Note: This is a remote job open to candidates in the USA. Caesars Entertainment is seeking a dynamic and experienced Director of Application Security Engineering to lead its application security efforts. This role is pivotal in driving a 'shift left' security culture and involves defining and executing the application security strategy while collaborating with various teams to minimize vulnerabilities and reduce risk.
Responsibilities
- Develop and implement a comprehensive application security strategy aligned with business objectives, focusing on automation and proactive security measures
- Lead, mentor, and grow a small team of application security engineers, fostering a culture of innovation, collaboration, and continuous improvement
- Champion the 'shift left' security philosophy, embedding security considerations early in the SDLC
- Drive the implementation and optimization of automated security testing tools and processes, including SAST, DAST, SCA, and IAST
- Integrate security testing seamlessly into CI/CD pipelines, enabling continuous security monitoring and remediation
- Lead the evaluation, selection, implementation, and optimization of new application security technology solutions
- Evaluate and manage relationships with security tool vendors, ensuring optimal performance and cost-effectiveness
- Mentor and guide junior application security engineers, providing technical expertise and fostering professional development
- Collaborate with cross-functional teams to continuously improve application security processes, tools, and workflows
- Identify opportunities to enhance the identification, assessment, and remediation of software issues and vulnerabilities
- Develop and implement scripts and workflows to streamline operations and reduce manual effort
- Stay current with emerging security threats, software development practices and platforms, software vulnerabilities, and industry best practices
- Closely partner with development teams to drive secure coding practices and application security principles
- Effectively communicate complex technical issues to both technical teams and non-technical stakeholders
- Prepare and deliver reports, dashboards, and presentations to leadership and other departments
- Build strong relationships with IT, DevOps, and business units to ensure alignment on security objectives
Skills
- 10+ years of experience in Cybersecurity or a related technology risk role, with a focus on engineering and application security
- 5+ years of experience in a leadership role, managing and mentoring security and/or engineering teams
- Deep understanding of application security principles, OWASP Top 10, and common vulnerabilities
- Proven experience in software development, with a strong understanding of secure coding practices and software architecture
- In-depth knowledge of application security principles, including threat modeling, vulnerability assessment, and secure code review
- Hands-on experience with security tools such as static and dynamic analysis tools, penetration testing frameworks, and security monitoring solutions
- Strong experience integrating security testing into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps
- Proficiency in scripting languages (e.g., Python, Bash) and infrastructure-as-code tools (e.g., Terraform, CloudFormation)
- Knowledge of cloud security principles and best practices (AWS, Azure, GCP)
- Proven ability to mentor, lead, and develop application security engineers
- Excellent verbal and written communication skills; ability to present technical concepts clearly
- Strong teamwork skills and the ability to work with diverse teams across the organization
- Analytical mindset with the ability to troubleshoot complex security issues
- Ability to thrive in a fast-paced and evolving cybersecurity environment
- Relevant certifications such as AWS Certified Security Specialty, CISSP, GCIH, or GCED are preferred
Company Overview