Lead Application Security Officer

About the Role
We are seeking a highly skilled Virtual Chief Information Security Officer (vCISO) with a strong specialization in OWASP and OSAMM-based security practices. The main focus of this role will be to ensure that the organization’s applications, endpoints, and APIs are secured against the most relevant and critical threats, using established OWASP standards and frameworks. Alongside this, the vCISO will serve as a broad security generalist, providing guidance and oversight across all major security domains, including cloud, network, identity, governance, and compliance.

The role is well-suited to a professional with both hands-on technical expertise and strategic oversight capability. The successful candidate will be expected to advise on and implement security measures that directly reduce organizational risk, while also ensuring that broader governance, compliance, and operational security objectives are achieved.

Primary Responsibilities
● Apply and operationalize OWASP best practices, including Web Application Top 10, API Top 10, Endpoint Top 10, and related guidance, to identify and mitigate key risks.
● Utilize the OWASP Software Assurance Maturity Model (OSAMM) or a similar model to assess the organization’s current security posture, define maturity goals, and guide incremental improvements.
● Conduct reviews of applications, endpoints, and infrastructure to ensure alignment with security standards and best practices.
● Work closely with development and operations teams to ensure secure design and deployment practices are consistently applied.

Secondary Responsibilities
● Act as a security generalist by advising and implementing controls in areas such as identity and access management, network security, cloud security (AWS and Azure), and endpoint management.
● Oversee security governance, including the development and enforcement of policies, standards, and procedures.
● Support compliance activities, ensuring that security practices are consistent with relevant frameworks and regulations.
● Provide clear, strategic security guidance to executive leadership and stakeholders, ensuring security priorities align with overall business objectives.

Requirements
● Hands-on expertise with OWASP frameworks and tools, including a deep understanding of the OWASP Top 10, API Top 10, Endpoint Top 10, and related security standards.
● Practical experience applying OSAMM for measuring and improving organizational software assurance maturity.
● Broad technical expertise across multiple cybersecurity domains, including identity management, network security, endpoint protection, and cloud platforms.
● Experience with enterprise security tools such as Jamf, Palo Alto (PAB, GP), AWS, Azure, Okta, and Cloudflare.
● Prior experience in a senior security role (CISO, security consultant, or equivalent) with both hands-on technical responsibilities and strategic leadership.
● Excellent communication, risk assessment, and leadership skills, with the ability to engage technical staff, business leaders, and external partners effectively.
Required languages

English C1 - Advanced
OSAMM, Jamf, Palo Alto, AWS, Azure, Okta, and Cloudflare.
Published 30 September · Updated 8 November