NCR Senior Director, Head of Application Security in United States

NCR Corporation (NYSE: NCR) is the global leader in consumer transaction technologies, turning everyday interactions with businesses into exceptional experiences. With its software, hardware, and portfolio of services, NCR enables nearly 700 million transactions daily across retail, financial, travel, hospitality, telecom and technology, and small business. NCR solutions run the everyday transactions that make your life easier. NCR is headquartered in Atlanta, Georgia, with approximately 29,000 employees and does business in 180 countries.

TITLE: Sr. Director, Head of Application Security LOCATION: Atlanta, GA Grade: 16

Think you know NCR? Think again! We have been reinvented!

We are NCR, a global tech company—and we run the everyday transactions that make your life easier. We’re the world leader in consumer transaction technologies, turning everyday interactions with businesses into exceptional experiences. With our software, hardware and portfolio of services, we make more than 700 million transactions possible every day. By continually learning about—and pioneering—how the world interacts and transacts, we’re helping our customers not only reach their goals, but also change the way all of us shop, eat, travel, bank and connect. Together, we are shaping the future.

SUMMARY

Do you love to work in a dynamic software engineering environment? Do you obsess over the security of your software and love to build/break code? Do you instinctively know your way around source code? Do your browser’s HTML fields autofill with ‘or 1<2; --? Are you an advocate of continuous delivery and continuously measurable security? Can you dive deep and still maintain the big picture of how the solution will interface with end users and other software systems? Do you have a passion for hacking that goes beyond a career?

If this is you, then come join to lead a strong and energetic team of experienced application security professionals who secure NCR’s day-to-day business. As the Head of Application Security in NCR’s Software Solutions Group, you will be responsible for the overall application security program, S-SDLC governance, risk management, compliance, penetration testing, and security architecture across the software product portfolio.

NCR is looking for a thought leader that can represent the application security topics in front of technical personnel as well as executive leadership, both internally and publicly facing.

We’re looking for a software engineering focused leader.

KEY AREAS OF RESPONSIBILITY

• Aligns the development lifecycle with application security programs and continuously improves the Secure Development Lifecycle. Implements processes and security automation tools within the SDL and CI/CD pipelines to enhance the capabilities of architects and ensure security is integrated into the delivery pipeline. Manages the implementation of security requirements.

• Defines the security requirements as a part of the secure development lifecycle & reviews application security of product designs align and comply with the business requirements and industry standards.

• Understand the compliance requirements from product teams, define the roadmap to align with the standards and regulations. Collect all the application security risks in a centralized location and works with product teams to prioritize the developments. Escalate any major risks through proper channels.

• Lead innovative security research initiatives to present at global conferences.

• Drive security innovation by applying new technology and facilitating the development of software interactions, connections and transactions that enable data-value-exchange and support NCR’s Omni-commerce platform strategy.

• Collaborate with stakeholders (Solution Management, Product Management, Engineering, Architecture) to understand the market requirements, ensure successful application of security architecture design, support development and delivery of products.

• Mentor the application security and engineering teams to achieve better security results, both individually and as teams.

BASIC QUALIFICATIONS Many years, and demonstrable experience with the following: • Direct supervision of a global team of 15 people. • Budget management. • Polyglot coding skills, such as Java, Python, Scala, JavaScript, Go, etc. • Designing and implementing security for online multi-tenant systems and on premise enterprise SW products. • Designing and implementing security within continuous delivery pipelines and robust test automation. • Experience with applying security within IaaS, PaaS and Cloud Services such as AWS, Azure, OpenStack, OpenShift, or Cloud Foundry • Knowledge of container security technologies like Docker, Kubernetes • Experience with SAST tools like Coverity, Checkmarx, Fortify, etc. • Experience with IAST tools like Contrast Security and Seeker. • Experience with Software Composition Analysis like WhiteSource and Black Duck. • Comfortable working in Windows/Linux OS and networking including network configuration, scripting, permissions management, etc.

PREFERRED QUALIFICATIONS • Public speaking at global information security conferences, like Black Hat, Defcon, RSA, Bsides, etc. • Previous experience as a manager of managers. • Previously submitted CVEs or appeared on a bug bounty hall of fame. • Experience with implementing RASP solutions. • Understanding of Retail, Hospitality and FinTech business processes.

Visit our careers site for a list of the benefits offered in your region in addition to a competitive base salary and strong work/family programs.

EEO Statement Integrated into our shared values is NCR's commitment to diversity. NCR is committed to being a globally inclusive company where all people are treated fairly, recognized for their individuality, promoted based on performance and encouraged to strive to reach their full potential. We believe in understanding and respecting differences among all people. This concept encompasses but is not limited to human differences with regard to race, ethnicity, religion, gender, culture and physical ability. Every individual at NCR has an ongoing responsibility to respect and support a globally diverse environment.

Statement to Third Party Agencies To ALL recruitment agencies: NCR only accepts resumes from agencies on the NCR preferred supplier list. Please do not forward resumes to our applicant tracking system, NCR employees, or any NCR facility. NCR is not responsible for any fees or charges associated with unsolicited resumes.

Job Software Engineering

Title: Senior Director, Head of Application Security

Location: United States

Requisition ID: 0069596_P0229011