Application Security Manager (Secure SDLC)

US-IA-Des Moines
Job ID
Information Technology
Requires Non-Compete?

Job Summary

Our Ideal Candidate: You are excited by the opportunity to build a program from the ground up!  You like building relationships and influencing others by educating and advocating on behalf of Security and secure coding practices. You enjoy working through the change management process with key stakeholders. You enjoy the process of vetting out and identifying the appropriate tools to be implemented to assist developers, and are consistently looking for ways to ensure that Security practices do not slow the development process.


About the Career:  Wellmark is hiring for the new position of Application Security Manager to oversee and drive solutions to support application security assessments for Wellmark Technology. In this role, you will conduct regular application security and privacy reviews by leading programs that ensure delivered solution support business objective. You will also further application security through the implementation of secure frameworks, establishment of standards, procedures and guidelines.


Core Competencies:

  • Accountability: Owning and taking responsibility for one’s actions.
  • Business Acumen: Understanding industry, market, financial and company specific operations.
  • Collaboration and Communication: Working together; listen to other’s ideas; communicate accurately and concisely.
  • Decision Making: Consider all facts and impacts when making decisions.
  • Focus on the Customer: Consistently doing what is in the best interest of our customer. Leaving a positive impression on the customer by elevating their experience; making it simpler and educating to helping them understand.

Minimum Qualifications Required (all must be met to be considered)

  • Bachelor’s degree or equivalent and direct work experience
  • Minimum 7 years’ experience to include a combination of the following:
    • Application development – experience with the full Software Development Lifecycle
    • Application security/software security
    • Creating and delivering creative solutions to complex problems
  • Knowledge of application security practices, including the areas of platform architecture, application security modeling, and systems integrity 
  • Knowledgeable about the tools used to build an Application Security program  
  • Knowledgeable about secure development life-cycle, threat modeling, and web application security assessments  
  • Extraordinarily technical and able to do hands on work when needed  
  • Ability to coach/mentor others by providing guidance and feedback to help an employee or groups of employees strengthen their knowledge and skills to accomplish a task or solve a problem, which in turn should improve job
  • performance.
    Ability to maintain effectiveness when experiencing major changes in work tasks or the work environment; adjusts effectively to work within new work structures, business processes, work requirements, or cultures.
  • Verbal and written communication skills to communicate information/concepts clearly and concisely to individuals or groups; delivers presentations suited to the characteristics and needs of the stakeholders/audience. Clearly and concisely conveys written information orally or in writing to individuals or groups to ensure that they understand the information and the message. Listens and responds appropriately to others.
  • Ability to provide advice and counsel; understands stakeholder programs, issues, organization and culture.
  • Demonstrated experience influencing others to act by using appropriate interaction skills and methods to guide individuals or groups to accomplish work, reach consensus, or take action.

Hiring Specifications Preferred

  • Bachelor’s degree
  • Agile experience
  • Experience leading an application security team at a dynamic, innovative company  

Job Accountabilities

a. Oversee and drive solutions for Wellmark's information security standards. Design and implement solutions to scale security testing and enable engineering teams to identify security flaws preproduction. Maintain an information security process for an end-to-end application security program using automated tools and manual techniques to identify and verify exposure to common security vulnerabilities.

b. Responsible for performing internal technical security assessment, pentests and code reviews/audits. Will engage with other information security third party stakeholders in the execution of vendor penetration testing and coordination of remediation.

c. Participate in product design reviews and serve as the subject matter resource, ensuring the development of practical business architecture strategies are aligned with Wellmark's information security strategic goals and objectives.

d. Be an advocate for security and secure coding practices. Ensure the alignment of information security standards follow and adhere to Wellmark architecture governance standards/SDLC, by using all documents effectively as tools to create solution design that meets business requirements and is within technical standards.

e. Collaborate and consult with technical stakeholders to ensure all are knowledgeable and adhering to guidelines and that solution development fits within future capability-based architectures/solutions.

f. Exhibit a strong information security knowledge by leveraging technology and transformational frameworks in developing a best-in-class information security design to meet business objectives.

g. Ensure the use of data and information is maximized within the organization by staying current on and evaluate emerging tools, techniques and technologies for potential Wellmark applications. Understand and use appropriate tools to analyze, identify and resolve business and/or technical problems.

h. Other duties as assigned.


Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed