Ciudad de México, Distrito Federal, MX
8 days ago
Associate Manager – IT Cloud and Application Security-2
Job Description

The Associate Manager – IT Cloud and Application Security will be a critical function responsible for helping to evangelize the Application Security program at Kraft Heinz by fostering a collaborative and educational working relationship between the application security team and the business / development teams. We are looking for individuals who are willing to own their space and collaborate deeply not only within the security team but also with the application development teams. The role is expected to own, maintain and execute application scanning platforms, work with application developers to report on and fix existing code vulnerabilities, and build development playbooks, standards and best practices in order to eliminate the introduction of new code vulnerabilities.

Primary Responsibilities:

· Evangelize the Application Security Program and work directly with application developers to develop and maintain ‘Secure by Design’ coding practices.

· Develop security controls and drive “shift left” security initiatives, embedding security best practices seamlessly into the software development lifecycle to proactively identify and mitigate risks.

· Collaborate with development teams to integrate secure coding practices, security automation, and pipeline security into CI/CD workflows.

· Assist in product development efforts, including Security Code Reviews, Dynamic assessments and application assessments to ensure compliance with Secure by Design principles and the implementation of appropriate security controls.

· Work closely with product teams to provide guidance and education to developers on available security controls and their appropriate use to improve adoption and reduce security vulnerabilities.

· Take ownership and accountability for managing security platforms. Conduct required maintenance activities, manage configurations to adhere to security standards, and perform operational tasks required for security reviews.

· Prepare and present detailed security reports with risk analysis and remediation strategies, effectively communicating to both technical and non-technical stakeholders. Triage vulnerabilities from dynamic and static scanning tools with development teams.

· Perform manual security assessments against applications including but not limited to web applications, mobile and thick client applications.

· Support the automation of security testing and reporting, manage security tooling, and secure our cloud environments.

· Contribute to the continuous improvement of the application security program, ensuring alignment with evolving security landscapes and business needs.

Qualifications:

· Bachelor’s degree and 3+ years of relevant application security experience

· Experience working with software development teams, providing security oversight in complex application ecosystems.

· Experience in deploying and managing application security tools and related resources such as:

· Static Application Security Testing (SAST)

· Dynamic Application Security Testing (DAST)

· API Security

· Application Security Posture Management (ASPM)

· Azure DevOps

· GitHub

· “Code to Cloud” experience with Cloud Native Application development and Security Tools is preferred. Experience with software development will be an added advantage. Experience with Microsoft Azure and Google Cloud is preferred but not mandatory.

· Expertise in application secure design and code reviews, with an understanding of Secure Coding standards and exploiting common vulnerabilities (e.g., OWASP Top 10, CWEs).

· Proficient with common developer tools and processes such as GitHub, Azure DevOps, CI/CD, containers and orchestration, IaaS/PaaS, APIs, WebSockets, databases, and front-end and back-end systems.

· Proficient in one or more high-level programming languages (e.g. Python, PowerShell, JS, etc.). Experience in one or more application development languages (e.g. C#, Java, Go, etc.)

Location(s)

Mexico City – Antara Tower A – 5th Floor – Local Office

 

Kraft Heinz is an Equal Opportunity Employer – Underrepresented Ethnic Minority Groups/Women/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity and other protected classes.
