Application Security Program Lead
Job Description
Why Guaranteed Rate is the BEST Place to Work
As a titan in mortgage lending and digital financial solutions, Guaranteed Rate Companies proudly operates with more than 6,400 employees stationed across over 800 branches nationwide, including Washington, D.C. Founded in the year 2000, we’ve assisted more than 1 million homeowners with their home purchase loans and refinances. In 2022 alone, we managed a total loan volume exceeding $33 billion. But we’re more than just numbers; we’re about innovation, offering competitive rates, and delivering customer service that’s second to none. Our accolades include Inside Mortgage Finance’s Second Largest Retail Originator for 2023, Chicago Agent’s Lender of the Year for the 7th consecutive year, Scotsman’s Guide 2022 ranking for having more top originators than any other lenders, NerdWallet’s Best Lenders for Low and No-Down-Payment Mortgages of 2022, and Forbes’ Best Online Lender for First-Time Homebuyers in 2022. For more information, visit rate.com.
What Makes Our Team Awesome
We are a gritty group of passionate technologists on a mission to dominate the mortgage world!
The Information Technology Team within Guaranteed Rate passionately and consistently puts our customers first. We are building the latest technology to help create the best mortgage experience on the planet and get your mortgage, your way, anytime, anywhere. Whether that is improving our digital mortgage platform, automating loan coordination and underwriting processes, or building out the latest marketing and customer engagement platform, we’re doing it all. We build high-performing, self-organized, cross-functional agile teams that operate with minimal hierarchy. Information Technology team members hold themselves and others accountable and live and breathe the tenets of autonomy, mastery, and purpose.
What’s the Role?
Guaranteed Rate is looking for an Application Security Program Lead with proven experience and track record in designing, implementing, and maturing application security programs for complex business environments.
The Application Security Lead would provide technical leadership with respect to the development and execution of Rate Companies’ application security framework, including:
- performing security architecture reviews of applications in design and production phases;
- identifying potential threats and attacks to application systems through threat modeling methodologies;
- developing security strategies for emerging technologies such as AI and Machine Learning;
- identifying security recommendations and aligning them to the appropriate risk management framework;
- conducting assessments of both internal and external applications (web, cloud, mobile) using a wide range of manual and automated code review techniques;
- integrating application security tools and processes into the development pipeline;
- performing risk assessment and analysis on SaaS vendors and technologies;
- evaluating, developing, enhancing and/or running application security programs through a development community of practice.
Responsibilities:
- Over four years of experience in the application security industry, including a strong focus on security governance, risk, and compliance (GRC), solving security challenges in large-scale systems.
- Proven leadership with exceptional verbal and written communication skills, able to effectively convey complex technical concepts to diverse audiences, from technical development teams to internal security management.
- Candidates should be familiar with agile development processes (scrum, Kanban) and have experience integrating secure development practices into development sprints.
- Building training programs to increase security awareness and secure coding knowledge among development teams.
- Familiarity with deploying security tools for static application security testing (SAST), dynamic application security testing (DAST), Software Composition Analysis (SCA), and more.
- Understanding of infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, etc.)
- Work closely with other teams such as development, operations, and product management to ensure security is part of the overall application development strategy.
- Source code management (GitLab, GitHub, BitBucket, etc.)
Qualifications:
- Experience with secure coding practices and common vulnerabilities (e.g., OWASP Top 10).
- Experience integrating security practices into the software development lifecycle, such as security testing, secure code review, and automated security checks in CI/CD pipelines.
- Understanding of threat modelling methodologies, risk, and how to mitigate the risks concerning applications, both from internal and external threat factors.
- Understanding of the business, privacy, security, and compliance challenges surrounding the secure development lifecycle and a passion for solving these challenges.
- Experience with industry standards and governmental regulatory compliance including but not limited to PCI, SOX, ISO2001, NYDFS.
- Understanding and experience of implementing application security maturity designs such as BSIMM or equivalent frameworks.
- Ability to learn and adapt to integrate application security to different CI/CD systems and apply automation as needed.
- Bachelor’s degree or higher in a qualified field such as cybersecurity, computer science, or information systems
One or more of the following certifications preferred:
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
Other Useful Details
Employee Type: Full-Time
Pay Range: $140,000.00 to $180,000.00 annual pay + bonus and/or commissions
Location: Remote
Guaranteed Rate is an Equal Opportunity Employer that welcomes and encourages all applicants to apply regardless of age, race, sex, religion, color, national origin, disability, veteran status, sexual orientation, gender identity and/or expression, marital or parental status, ancestry, citizenship status, pregnancy or other reason protected by law.