

Experian Careers Job Search

Application Defense Manager

Information Technology & Systems
Requisition # 182828
Thanks for your interest in the Application Defense Manager position. Unfortunately this position has been closed but you can search our 584 open jobs by clicking here.

Primary Responsibilities

  • Lead a team responsible for conducting internal and external penetration testing and automated web application security testing.
  • Evolve the delivery model for the Application penetration testing service, including roles and responsibilities, remediation plans, rollout of best practices, etc.
  • Hire, manage, and develop a staff of application penetration testers by providing direction, establishing clear and measurable objectives, managing performance, training and coaching.
  • Develop and maintain KPIs to help project resource requirements, and forecast sub-contractor usage. 
  • Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
  • Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
  • Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
  • Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
  • In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
  • Create and support KPIs and KRIs that measure risk reduction and progress over time.
  • Builds a high-performance team.
  • Develops and mentors staff to achieve career goals and maintain leadership succession planning.
  • Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
  • 10 years of hands-on application penetration testing experience with at least 4 years in managing and leading a team of penetration testers.
  • A self-starter with strong organizational skills, including the ability to deliver with minimal supervision and experienced in working in an onsite-offshore model.
  • Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
  • Expert knowledge of existing and emerging threats, web security principles and attack vectors.
  • Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
  • Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
  • Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
  • Strong expertise in the collaboration, facilitation and coordination with the business units for the mitigation of risks.
  • Strong understanding of Application Design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
  • Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
  • Experience with programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
  • Knowledge of web frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc., and APIs (JSON/REST/SOAP).
  • Understanding of APIs (JSON/REST/SOAP).
  • An aptitude for technical writing, including assessment reports, presentations and operating procedures.
  • Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
  • Ability to solve very complex security issues that span multiple components in an Application infrastructure.
  • Ability to lead and motivate the team to achieve tactical and strategic goals.
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
  • Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired

Experian is an Equal Opportunity Employer. Anyone needing accommodation to complete the interview process should notify the talent acquisition partner. The word "Experian" is a registered trademark in the EU and other countries and is owned by Experian Ltd. and/or its associated companies.

EOE including Disability/Veterans
