Application Security Manager

We believe that difference sparks brilliance, so we welcome people and ideas from everywhere to join us in stretching what’s possible.

At Tapestry, being true to yourself is core to who we are. When each of us brings our individuality to our collective ambition, our creativity is unleashed. This global house of brands – Coach, Kate Spade New York, Stuart Weitzman – was built by unconventional entrepreneurs and unexpected solutions, so when we say we believe in dreams, we mean we believe in making them happen. We’re always on a journey to becoming our best, but you can count on this: Here, your voice is valued, your ambitions are supported, and your work is recognized.

A member of the Tapestry family, we are part of a global house of brands that has unwavering optimism and is committed to being innovative and wholly inclusive. Visit Our People page to learn more about Tapestry's commitment to equity, inclusion, and diversity. 

Job Title: Application Security Manager

Primary Purpose: The AppSec Manager will be responsible for evaluating application environments to ensure they are being designed and deployed in compliance with InfoSec standards and industry best practices. This includes performing security assessments, conducting risk analysis, reporting security findings and recommending corrective actions to the relevant operational teams. 

They will work with developers, architects, project leads/managers, business analysts, and others, in determining security requirements for projects and ensures that these requirements are met as part of the software development lifecycle (SDLC).

They will act as the “go to” individual for all application security questions, concerns, and guidance.

They will be ensuring that Digital IT teams are trained with the appropriate level of security knowledge to perform their daily activities in accordance with Tapestry’s InfoSec requirements. The individual will be developing and maintaining application security-related development standards & training material.

They will be responsible to support application security tool deployments and recommend improvements on the tools and processes established within our application security framework to increase efficiency and mature the program.

The successful individual will leverage their proficiency in Cybersecurity to  

• Serve as a Subject Matter Expert (SME) in the field of Application Security
• Conduct dynamic & static code reviews and run-time tests
• Integrate application security tools within existing development processes (SDLC, CI/CD)
• Assist with the planning and execution of application penetration tests
• Identify and help resolve false positive findings in security assessment results
• Generate reports on assessment findings and help guide and track remediation tasks
• Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness

The accomplished individual will posses

• Solid understanding of current secure coding principles (e.g., OWASP Top10:2021)
• 5+ years of experience with AppSec tools like AppScan, Burp, Veracode, Checkmarx and WAF solutions
• Experience in testing applications developed in widely used frameworks & languages such as API, Python, .Net, Java and JavaScript.
• Familiarity with a variety of software development & automation tools (e.g., Jenkins, Eclipse, Git, Subversion, Jira, etc.)
• Strong critical thinking and problem-solving skills
• Excellent written and oral communications skills
• Solid project management skills
• Ability to work independently
• Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business

An outstanding professional will have

• BS in Computer Science, Information Security, or a related field
• 5+ years of experience in an application security role
• Industry Certifications such as CISSP, CISM, CISA, CEH are considered a plus

Our Competencies for All Employees

• Courage: Doesn’t hold back anything that needs to be said; provides current, direct, complete, and “actionable” positive and corrective feedback to others; lets people know where they stand; faces up to people problems on any person or situation (not including direct reports) quickly and directly; is not afraid to take negative action when necessary.
• Creativity: Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
• Customer Focus: Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect.
• Dealing with Ambiguity: Can effectively cope with change; can shift gears comfortably; can decide and act without having the total picture; isn’t upset when things are up in the air; doesn’t have to finish things before moving on; can comfortably handle risk and uncertainty.
• Drive for Results: Can be counted on to exceed goals successfully; is constantly and consistently one of the top performers; very bottom-line oriented; steadfastly pushes self and others for results.
• Interpersonal Savvy: Relates well to all kinds of people, up, down, and sideways, inside and outside the organization; builds appropriate rapport; builds constructive and effective relationships; uses diplomacy and tact; can diffuse even high-tension situations comfortably.
• Learning on the Fly: Learns quickly when facing new problems; a relentless and versatile learner; open to change; analyzes both successes and failures for clues to improvement; experiments and will try anything to find solutions; enjoys the challenge of unfamiliar tasks; quickly grasps the essence and the underlying structure of anything.

Our Competencies for All People Managers

• Strategic Agility: Sees ahead clearly; can anticipate future consequences and trends accurately; has broad knowledge and perspective; is future oriented; can articulately paint credible pictures and visions of possibilities and likelihoods; can create competitive and breakthrough strategies and plans.
• Developing Direct Reports and Others: Provides challenging and stretching tasks and assignments; holds frequent development discussions; is aware of each person’s career goals; constructs compelling development plans and executes them; pushes people to accept developmental moves; will take on those who need help and further development; cooperates with the developmental system in the organization; is a people builder.
• Building Effective Teams: Blends people into teams when needed; creates strong morale
  and spirit in his/her team; shares wins and successes; fosters open dialogue; lets people finish and be responsible for their work; defines success in terms of the whole team; creates a feeling of belonging in the team.

Tapestry, Inc. is an equal opportunity and affirmative action employer and we pride ourselves on hiring and developing the best people. All employment decisions (including recruitment, hiring, promotion, compensation, transfer, training, discipline and termination) are based on the applicant’s or employee’s qualifications as they relate to the requirements of the position under consideration. These decisions are made without regard to age, sex, sexual orientation, gender identity, genetic characteristics, race, color, creed, religion, ethnicity, national origin, alienage, citizenship, disability, marital status, military status, pregnancy, or any other legally-recognized protected basis prohibited by applicable law. #LI_AC1 #LI_Hybrid Visit Tapestry, Inc. at http://www.tapestry.com/

BASE PAY RANGE $120,000.00 TO $180,000.00 Annually
Click Here - U.S. Benefits Summary