Head-App Sec & Testing
As one of the world’s leading asset managers, Invesco is dedicated to helping investors worldwide achieve their financial objectives. By delivering the combined power of our distinctive investment management capabilities, we provide a wide range of investment strategies and vehicles to our clients around the world.
If you're looking for challenging work, smart colleagues, and a global employer with a social conscience, come explore your potential at Invesco. Make a difference every day!
The Application Security team is a specialized group responsible for ensuring the security and integrity of an organization's software applications. Comprising skilled professionals with expertise in coding practices and vulnerability assessment, this team works to identify and address potential security weaknesses within applications.
A Red Team is a group of skilled cybersecurity professionals tasked with simulating real-world cyberattacks on an organization's systems, networks, and applications. The goal of the Red Team is to identify vulnerabilities and weaknesses that malicious actors could exploit. Through techniques like penetration testing and social engineering, the Red Team emulates the tactics, techniques, and procedures (TTPs) of actual attackers to uncover potential security gaps.
The Head of Global Application and Infrastructure Security will work closely with technology and application teams to build security into all phases of the software and systems development/maintenance life cycle. In this role, you will partner with IT leadership to provide assurance of error-free development practices and ensure the applications and infrastructure are securely designed, architected, and implemented.
You Will Be Responsible For:
The incumbent will be responsible for the Application Security, Vulnerability Assessment and Penetration Testing capabilities across the Invesco application and infrastructure portfolio:
Collaborate with peer IT personnel to ensure required Information Security solutions are in place throughout all IT systems and applications to mitigate identified risks to an acceptable level in alignment with business objectives.
Align the development lifecycle with the Application Security program and continuously improve the Secure Development Lifecycle.
Implement processes and applicable security testing tools within the Software Development Life Cycle to ensure security is integrated in the delivery pipeline.
Vulnerability Assessment & Penetration Testing:
The candidate will be responsible for the management of penetration testing activities, defined as the application of real-world hacking techniques to applications, infrastructure, cloud environments, mobile applications, and other systems for the purpose of evaluating the system’s ability to withstand attack. Creation and maintenance of testing methodology, hiring of testers, training and mentorship of testers, design of artifact output, and ensuring the quality of testing program output are expected.
Red Team Management: The candidate will be responsible for the management of Red Team operations, defined as the application of real-world hacking techniques to applications, infrastructure, cloud environments, mobile applications, and other systems for the purpose of evaluating the SOC (Security Operations Center) and its ability to detect and respond to attacks. Creation and maintenance of testing methodology, hiring of testers, training and mentorship of testers, design of artifact output, and ensuring the quality of testing program output are expected.
The Experience You Bring:
10 years of combined experience in security and software development.
10+ years of Information Security experience with a combination of the above-referenced key responsibility domains.
Experience in the development and management of Information Security programs and processes.
Building and managing relationships at all levels within the organization.
Working in large/global corporate environments involving multiple lines of business.
Expert problem-solving skills with the ability to solve problems with unknown parameters.
Financial services and project management experience highly desired.
Effective presentation skills for technical and non-technical groups at all levels within the organization.
Full Time / Part Time: Full time
Job Exempt (Yes / No): Yes
At Invesco, our workplace model supports our culture and meets the needs of our clients while providing flexibility our employees value. As a full-time employee, compliance with the workplace policy means working with your direct manager to create a schedule where you will work in your designated office at least three days a week, with two days working outside an Invesco office.
What’s in it for you?
Our people are at the very core of our success. Invesco employees get more out of life through our comprehensive compensation and benefit offerings including:
Flexible time off and opportunities for a flexible work schedule
401(K) matching of 100% up to the first 6% with additional supplemental contribution
Health & wellbeing benefits
Parental Leave benefits
Employee stock purchase plan
The above information on this description has been designed to indicate the general nature and level of work performed by employees within this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job. The job holder may be required to perform other duties as deemed appropriate by their manager from time to time.
Invesco's culture of inclusivity and its commitment to diversity in the workplace are demonstrated through our people practices. We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender, gender identity, sexual orientation, marital status, national origin, citizenship status, disability, age, or veteran status. Our equal opportunity employment efforts comply with all applicable U.S. state and federal laws governing non-discrimination in employment.