People make Sage great. From our colleagues delivering ground-breaking solutions to the customers who use them: people have helped us grow for more than thirty years, and people are driving our future as a great SaaS company. We’re writing our next chapter. Be part of it!
Experience has taught us that when our customers thrive, we thrive. As a team, we always start with what customers need. Through the good… and more challenging times. Innovating at pace so customers can manage their finances, operations and people. Every one of us shapes our culture at Sage – doing what’s right and succeeding together, united by our commitment to each other. We encourage each other to grow in our roles, in our careers and as individuals.
Follow us on our social media sites below to join in conversations about career tips, open positions and company news! #lifeatsage #sagecareers. All qualified applicants will be thoughtfully considered and never discriminated against based on their race, color, age, religion, sexual orientation, gender identity, national origin, disability or veteran status.
To lead Senior and Junior Application Security roles and work alongside the Global Application Security Team. The Application Security Manager is accountable for all aspects of application security across Sage covering web, desktop and mobile applications. The role will support the Director – Application Security in coordinating improvements in the end-to-end product/system lifecycle spanning the whole SDLC and post launch operations. The role combines leadership including the management of the Security Champions programme, Bug Bounty and Developer Security training as well as technical application security activities related to validating the security of existing and new products and services and enabling the Application Security team and Security Champions to quickly and effectively address vulnerabilities discovered in Sage products and systems. The ultimate goal is to drive continual improvement in the security of our products, systems and behaviours and ensure colleague and customer success.
Key accountabilities and decision ownership:
• Providing leadership to the Sage Application Security Team members, ensuring high levels of engagement, alignment to Sage goals, effective personal development
• Ensuring the Application Security Team aligns with recognised industry standards, levels of competence and emerging threats, vulnerabilities and techniques
• Planning and managing Application Security Team workload focusing on Sage priorities and coordinating a roadmap of activities in sync with the other Security teams and Security Champions
• Driving continual improvement in the secure software development lifecycle and supporting our drive to a modern and innovative DevSecOps approach
• Working with Application Security team and Lead Security Champions on improving the effectiveness of the overall Security Champion program
• Managing and evolving Sage’s Bug Bounty program in support of the Offensive Security team
• Support the Application Security team analysis of vulnerabilities and other findings to identify systemic weaknesses and drive continual improvement in products, systems and behaviours
• Publishing blogs/articles and representing Sage at external events to establish us as a recognised centre of excellence for security
• Supporting security compliance as it relates to assigned products as part of our Information Security Management System, aligned to ISO27001
• Provides technical security leadership for significant projects or workstreams Skills, know-how and experience:
• Strong/advanced knowledge of security concepts and how to apply that knowledge to identifying, containing, and resolving application security vulnerabilities
• Good verbal and written communication skills
• Experience in building and leading an application security team and initiative
• Experience of working with geographically dispersed teams
• Experience working in an agile, DevOps/DevSecOps environment
• Working knowledge of static code analysis and dynamic analysis testing tools
• Experience in ISO27001, PCI or similar standards
• Supplier management and negotiation experience
Technical / professional qualifications:
• CSSLP, OSCP, CREST or similar