Director Application Security Engineering

Position Overview 

Caesars is seeking a dynamic and experienced Director of Application Security Engineering to lead our efforts in building and maintaining a robust and scalable application security program. This role will be pivotal in driving a "shift left" security culture, focusing on integrating security seamlessly into our software development lifecycle (SDLC). The ideal candidate will possess deep expertise in automated code scanning and remediation, SAST, DAST, SCA, CI/CD pipeline integration, and a proven track record of building and leading high-performing security engineering teams. 

As the Director of Application Security Engineering, you will be responsible for defining and executing our application security strategy, ensuring the security of our applications from development to production. You will collaborate closely with development, DevOps, infrastructure, and other cybersecurity teams to embed security best practices and automate security processes, minimizing vulnerabilities and reducing risk.  This is a hands-on technical leadership role. 

What You Will Do 

strategic Leadership 

• Develop and implement a comprehensive application security strategy aligned with business objectives, focusing on automation and proactive security measures. 

• Lead, mentor, and grow a small team of application security engineers, fostering a culture of innovation, collaboration, and continuous improvement. 

• Champion the "shift left" security philosophy, embedding security considerations early in the SDLC. 

security automation and integration 

• Drive the implementation and optimization of automated security testing tools and processes, including SAST, DAST, SCA, and IAST. 

• Integrate security testing seamlessly into CI/CD pipelines, enabling continuous security monitoring and remediation. 

Technical Leadership 

• Lead the evaluation, selection, implementation, and optimization of new application security technology solutions. 

• Evaluate and manage relationships with security tool vendors, ensuring optimal performance and cost-effectiveness. 

• Mentor and guide junior application security engineers, providing technical expertise and fostering professional development. 

• Collaborate with cross-functional teams to continuously improve application security processes, tools, and workflows. 

Continuous Improvement and Automation 

• Identify opportunities to enhance the identification, assessment, and remediation of software issues and vulnerabilities. 

• Develop and implement scripts and workflows to streamline operations and reduce manual effort. 

• Stay current with emerging security threats, software development practices and platforms, software vulnerabilities, and industry best practices. 

• Communication and Collaboration 

• Closely partner with development teams to drive secure coding practices and application security principles. 

• Effectively communicate complex technical issues to both technical teams and non-technical stakeholders. 

• Prepare and deliver reports, dashboards, and presentations to leadership and other departments. 

• Build strong relationships with IT, DevOps, and business units to ensure alignment on security objectives. 

What You Will Need 

Technical Skills and Experience 

• 10+ years of experience in Cybersecurity or a related technology risk role, with a focus on engineering and application security  

• 5+ years of experience in a leadership role, managing and mentoring security and/or engineering teams 

• Deep understanding of application security principles, OWASP Top 10, and common vulnerabilities. 

• Proven experience in software development, with a strong understanding of secure coding practices and software architecture. 

• In-depth knowledge of application security principles, including threat modeling, vulnerability assessment, and secure code review. 

• Hands-on experience with security tools such as static and dynamic analysis tools, penetration testing frameworks, and security monitoring solutions. 

• Strong experience integrating security testing into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps. 

• Proficiency in scripting languages (e.g., Python, Bash) and infrastructure-as-code tools (e.g., Terraform, CloudFormation). 

• Knowledge of cloud security principles and best practices (AWS, Azure, GCP). 

• Relevant certifications such as AWS Certified Security Specialty, CISSP, GCIH, or GCED are preferred. 

Soft Skills 

• Proven ability to mentor, lead, and develop application security engineers. 

• Excellent verbal and written communication skills; ability to present technical concepts clearly. 

• Strong teamwork skills and the ability to work with diverse teams across the organization. 

• Analytical mindset with the ability to troubleshoot complex security issues. 

• Ability to thrive in a fast-paced and evolving cybersecurity environment.