APPLICATION SECURITY DELIVERY MANAGER

  • ANN ARBOR, MICHIGAN, UNITED STATES
  • DOMINO’S PIZZA LLC

ABOUT US

Domino’s Pizza, which began in 1960 as a single store location in Ypsilanti, MI, has had a lot to celebrate lately: we’re a reshaped, reenergized brand of honesty, transparency and accountability – not to mention, great food! In the rise to becoming a true technology leader, the brand is now consistently one of the top five companies in online transactions and 65% of our sales in the U.S. are taken through digital channels. The brand continues to ‘deliver the dream’ to local business owners, 90% of whom started as delivery drivers and pizza makers in our stores. That’s just the tip of the iceberg…or as we might say, one “slice” of the pie! If this sounds like a brand you’d like to be a part of, consider joining our team!

JOB DETAILS

Domino’s is seeking an experienced Application Security Technical Delivery Manager to join the Information Security Team.

The role entails the tracking and management of detected defects and vulnerabilities from all stages of the software development lifecycle, reporting on and tracking the resolution of those defects, as well as the management of relationships with multiple vendors and service providers. Defects and vulnerability scanning/detection will be performed by multiple vendor partners and service providers, who are a key aspect of the capabilities of this function. The outcomes of those scans will be processed by the Technical Delivery Manager, who will then coordinate directly between the service provider and the impacted Domino’s development team’s Delivery Lead to ensure focus and resolution.

In addition to the tracking and management of defects/vulnerabilities, this role will aggregate results from multiple sources (including internally used scanning tools) and prepare and provide reports for review by the development team’s delivery lead, Application Security management, and executive leadership.

The candidate should have a strong understanding of the Software Development Lifecycle, excellent written and oral communication skills and demonstrated coordination skills. The candidate will be responsible for tracking team-specific tasks in Jira and providing daily updates on in-flight tasks and backlog management. While this role is not specifically tasked with the detection of any vulnerabilities, the candidate should understand the OWASP Top Ten vulnerabilities and be able to have technical conversations with Domino’s Development team leads about detected vulnerabilities, the significance of any given vulnerability, and its importance with respect to prioritization of resolution.

Responsibilities and Duties

Responsibility #1 (75%) Application Security Program Support

  • Coordinate and drive communications with/between external service providers and application development teams with respect to scanning, testing and reporting
  • Coordinate multiple scans and/or assessments between multiple ongoing software development projects and the appropriate service provider(s)
  • Review results of scans and assessments and prioritize findings into reports to be reviewed with development team delivery leads
  • Meet and collaborate with delivery team leads to prioritize results, understand which findings should/will be addressed and when
  • Drive follow-up conversations with respect to upcoming deadlines and the defects/vulnerabilities associated with each and follow approved process for any risk acceptance prior to code release
  • Identify and track trends with respect to defect and vulnerability type for the purposes of identification of possible education/training needs
  • Inventory and understand all on-prem scanning tools used by the Domino’s Application Development teams and aggregate results of those tools into overall report and tracking process

Responsibility #2 (25%) Report Preparation and Task Management

  • Work closely with Principal Security Architect to identify new or updated requirements
  • Work with Governance, Risk and Compliance team to create or update policies and procedures with respect to the application development ecosystem
  • Prepare clear and concise reports relative to each application development effort and the overall health and status of the associated project
  • Communicate status of ongoing issues and risks in daily stand-up meetings
  • Manage Jira project backlog with respect to each development effort, vulnerabilities and defects that need to be addressed and communication/engagement points with the associated provider
  • Plan and forecast Application Security strategies, including (but not limited to) Penetration Testing, Static Code Scans, recommended remediations and necessary training
  • Collaborate with Application Security team management and InfoSec Leadership to communicate perceived needs or gaps to ensure vendors and service providers are providing the value expected

QUALIFICATIONS

  • A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience.
  • 5 years of combined IT and project management work experience, with 2+ years of experience in vendor and relationship management

Required Skills

  • Understanding of developer build and automation tools (Jenkins, JFrog, SonarQube, or similar)
  • Understanding of the SDLC
  • Strong written and oral communication skills
  • Demonstrated planning and coordination skills
  • An understanding of Security frameworks and regulations (OWASP, PCI)
  • Vendor relationship management
  • Ability to operate in a multi-national technical environment
  • Understanding of continuous integration methodology and experience with associated tools
  • General understanding of common programming languages (Java, C#, Python)
  • Ability to create and strengthen relationships with multiple internal and external project managers and delivery leads
  • Ability to adapt to varying communication styles across various internal program disciplines
  • Must have experience writing technical documentation
  • An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
  • An understanding of organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one

Additional Information

All your information will be kept confidential.

Join the team that makes all of our new ideas possible across our 17,000+ stores. So much of our lives involves the use of technology, but we don’t all speak the language of tech. We need translators in the form of writers who can break down highly complicated information from technical experts and make it relatable to even the least technical among us. That’s where technical writers come in.
