Director of Application Security (US Remote)

Company Description
Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to realise their financial goals and help them save time and money.
We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.
We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at
Job Description
The Director of Application Security is responsible for the direction and delivery of application security services, allowing the business to improve the security of applications being developed at Experian, assisting them in understanding principles of secure coding, and helping them investigate and improve security findings in their applications. You will ensure that the requirements of security following the Software Security Policy are met for new applications and for Experian’s legacy estate, with security flaws and issues managed throughout all stages of an application development life cycle.
You will engage with the business community to support forward momentum ensuring that the secure code principles are being applied in the application development, and that code flaws are detected as early as possible in the life cycle, delivering at speed to our clients.
You will report to the VP of Cloud and Application Attack Surface Management (CAASM).
You’ll have the opportunity to:

Work with the VP CAASM and peers to provide effective strategies for Application Security, including static scanning (SAST), dynamic scanning (DAST), Software Composition Analysis (SCA), and Penetration Testing

Engage with business leadership (CTOs and CIOs) to ensure strategy is understood, agreed upon, and implemented across all Experian Regions

Collaborate directly with engineering leaders to integrate security into the product development lifecycle

Provide strategic guidance for SDLC and product delivery, including:

Security design and architecture

Secure coding standards

Security testing and remediation

Perform application threat modeling

DevOps and DevSecOps integration (CI/CD) security

Automated product security testing

Container security testing

Communicate security policies, standards, processes, and guidance on newly identified security threats and vulnerabilities

Lead security assessments and audits

Develop and mentor a high-performing team, setting clear goals and promoting a culture of innovation

Drive continuous process improvement activities

Stay abreast of emerging security threats, technologies, and best practices

Qualifications
Your background:

8+ years’ of direct experience in application security, with experience in leadership in designing, implementing, and managing security programs for cloud-based platforms at large product companies

5+ years’ of managerial experience

Deep technical expertise across multiple technical domains, including cloud computing, security, and identity and access management

Experience with automated workflows in CI/CD, DevOps, or DevSecOps environments

Experience using tools enabling automated workflows, such as Jenkins, Gitlab, TFS, Github, etc.

Experience with modern delivery methodologies, including Agile and DevSecOps

Experience working with Generative AI, especially securing AI workloads

Experience in both designing and securing solutions in a regulated enterprise environment

Understanding of cloud computing technologies and security principles, particularly in AWS, Azure, or GCP environments

Technical background in security architecture and application security

Proven experience in overseeing the linking of cross-functional applications between different business units and systems

Experience with business and technical requirements, analysis, business process modeling/mapping, methodology development, and data mapping

Experience in risk management methodologies as they relate to integration/software testing

Experience leading teams focused on Application Security, including application scanning, manual pen testing, threat modeling, offensive security, and software security architecture

Writing and documentation skills; ability to communicate ideas in both technical and user-friendly language

Knowledge of applicable data privacy practices and laws

Four-year college diploma or university degree in computer science or computer engineering, and/or 5+ years’ of equivalent work experience

Professional certification such as CISSP, CCSP or CCSK, Cloud Platform and Infrastructure are a plus

Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS

Willing to travel globally

Benefits/Perks:

Great compensation package and bonus plan

Core benefits including medical, dental, vision, and matching 401K

Flexible work environment, ability to work remote, hybrid or in-office

Flexible time off including volunteer time off, vacation, sick and 12-paid holidays

Additional Information
Our uniqueness is that we celebrate yours. Experian’s culture and people are important differentiators. We take our people agenda very seriously and focus on what matters; DEI, work/life balance, development, authenticity, engagement, collaboration, wellness, reward & recognition, volunteering… the list goes on. Experian’s people first approach is award-winning; Great Place To Work™ in 24 countries, FORTUNE Best Companies to work and Glassdoor Best Places to Work (globally 4.4 Stars) to name a few. Check out Experian Life on social or our Careers Site to understand why.
Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian’s DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian