About this role
Senior executive-level role leading Edward Jones' enterprise application security program. Responsible for strategy, governance, and delivery across secure software development, threat modeling, SBOM, and penetration testing in a regulated environment.
Key Responsibilities
- Develop enterprise app security strategy
- Drive secure SDLC standards
- Lead secure code deployment & automated testing
- Own threat modeling methodology
- Manage SBOM/SBOMBs program and pentest delivery
Technical Overview
Hands-on leadership with security tooling and processes across cloud-native architectures, CI/CD pipelines, and secure coding practices. Focus on building partnerships across Engineering, Architecture, DevOps/SRE, Risk, Compliance, and Audit; experience with AI developer tools security is preferred.
Ideal Candidate
The ideal candidate is an executive-level application security leader with 12+ years in cybersecurity who can own and scale an enterprise AppSec program, partner with risk/compliance/audit, and drive secure-by-design across SDLC in a regulated financial services environment.
Must-Have Skills
- 12+ years in cybersecurity with hands-on application security leadership
- Proven executive leadership experience (Director/MD/VP level)
- Secure SDLC and security controls integrated into CI/CD pipelines
- Threat modeling at scale (methodology + adoption + outcomes)
- SBOM/SBOMBs and software supply chain governance
- Penetration testing programs and remediation lifecycle management
- Demonstrated knowledge on the use of AI developer tools in an enterprise environment
Nice-to-Have Skills
- Experience with large-scale engineering transformation (DevSecOps, platform engineering, cloud migration)
- Familiarity with secure software supply chain practices and dependency governance
- Recognized security certifications (e.g. CISSP, CISM, CSSLP, OSCP/OSWE, GIAC)
Tools & Platforms
- CI/CD
- SAST tooling
- SCA tooling
- SBOM tooling
- Vulnerability management system
Required Skills
12+ years in cybersecurity, application security leadership, secure SDLC, CI/CD security, threat modeling, SBOM governance, penetration testing, risk management, executive reporting, AI developer tools security
Hard Skills
Secure SDLC, CI/CD, SAST (Static Application Security Testing), SCA (Software Composition Analysis), SBOM, SBOMBs, Threat Modeling, Penetration Testing, Vulnerability Management, Executive Reporting, Cloud, APIs, Microservices, Secure-by-design, AI developer tools security
Soft Skills
Executive leadership, Strategic thinking, Communication, Stakeholder management, Mentoring, Cross-functional collaboration, Change management, Data-driven storytelling
Certifications
Preferred
CISSP, CISM, CSSLP, OSCP/OSWE, GIAC
Keywords for Your Resume
Head of Application Security, Application Security, Secure SDLC, CI/CD, SAST (Static Application Security Testing), SCA (Software Composition Analysis), SBOM, SBOMBs, Threat Modeling, Penetration Testing, Executive Reporting, KPIs, KRIs, DevSecOps, AI developer tools, risk management, audit, Compliance, Financial services, Cloud, APIs, microservices, secure-by-design, vulnerability management, remediation, CISSP, CISM, CSSLP, OSCP/OSWE, GIAC, SAST, SCA
Deal Breakers
- Less than 12 years of cybersecurity/appsec leadership
- No experience with secure SDLC or CI/CD security controls
- Lack of executive or cross-functional leadership experience