Design and Maintain the Secure Developer Scorecard: Lead the creation, evolution, and ongoing management of a secure developer scorecard that measures how well developers apply secure coding practices, tracking both successes and failures.
Discover and Address Developer Community Bottlenecks: Proactively engage with the developer community to identify bottlenecks, frustrations, and barriers that delay code merges to production or lead developers to bypass or dismiss secure coding governance.
Lead Developer Engagement and Feedback Loops: Facilitate regular sessions with developers to listen, gather insights, and foster open dialogue about secure development challenges.
Build Business Cases for Secure Development Process Improvements: Translate developer feedback and scorecard insights into actionable business cases for process, tooling, or cultural changes.
Conduct Learning and Awareness Activities: Develop and deliver targeted learning sessions, workshops, and awareness campaigns to promote secure coding practices and SDLC governance within the developer community.
Requirements
Minimum 8 years of related work experience, with at least 3 years in IT security or application development.
Undergraduate degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or related field. Alternatively, candidates with a non-technical degree or no degree but substantial relevant experience will be considered.
At least 2 years of professional experience in secure software development, application security, or developer enablement roles.
Alternatively, 5+ years of experience in cybersecurity, security awareness, or enterprise application risk management may substitute for direct developer experience.
Basic coding capability (able to read, write, and understand code in at least one major programming language such as Python, Java, or C#).
High-level understanding of the Software Development Life Cycle (SDLC), secure coding principles, and the challenges faced in enterprise application development.
Familiarity with common developer workflows, tools, and bottlenecks.
Highly regarded certifications: CISSP, CSSLP.
Desired: Security+ or equivalent foundational security certification.
Considered: SSAP or similar credentials, especially for candidates with a background in security awareness and developer enablement.
Candidates lacking direct developer experience but possessing a strong background in cybersecurity awareness, secure development advocacy, or enterprise change management will be strongly considered.