Sr. Manager, Digital Product Security
Under Armour is all about performance. Because what we make empowers athletes in every form to push themselves, to turn good into great, and to stay hungry for whatever comes next. And this is exactly what we expect from each other.
Working with us means one key thing: no matter what you do, you see every day and every project as a chance to push your field forward. In every store and every office, we build teams where everyone is an MVP. And together we tackle every challenge head on. Because we work to push the gear, the game, and ourselves farther.
We’re looking for people who do more than good work.
We’re looking for the Best in Every Game.
Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.
That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.
The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... I Will. Our goal is to Build A Great Team! Will YOU…Protect This House?!
The Sr. Manager, Digital Product Security is responsible for application security of Under Armour’s suite of fitness and eCommerce applications. This includes, but is not limited to, secure code development, design, enforcement of application security controls, as well as developer training on secure code best practices. The director is also responsible for secure cloud architecture that includes the design, development, and deployment of a comprehensive security plan for the global eComm and CF cloud infrastructure platforms. The director will lead a team of application and cloud infrastructure security architects and engineers.
Additionally, the director is responsible for developing a strong cross-functional relationship between other IT teams and business units. The position requires expertise in application security risk, cloud architecture, application threat modeling, and policy writing.
Application Code Security
- Excellent knowledge of security concepts: Web Access management, static and dynamic testing, Single Sign On, Federation, SAML, OAuth 2.0, API Gateways and relevant IT architectures.
- Consult with product & engineering teams to build security & privacy into all new feature & product development.
- Promote DevSecOps culture in development teams & drive adoption of tools and practices as the teams transform to DevSecOps.
- Implement and manage a robust application testing framework that mitigates the release of vulnerable application code into production environments
- Work within an Agile development organization
- Evangelize application security within the company and work with Application Development teams to incorporate new program direction into applications
Data Protection and Security
- Data security around all consumer data initiatives including, but not limited to data engineering, data science, SVoC, customer relationship management (CRM), personalization, etc.
- Advise on proper handling, security, and retention of consumer data.
Training & Development
- Develop & manage an enterprise application security program to guide and assist development and engineering teams in best practices for secure development & application vulnerability management
- Develop & manage a team responsible for providing application security services that comply with established policies, procedures and standards.
- Assist with the implementation and execution of the application security program
- Master's degree in Computer Science / Engineering OR Bachelor's degree in Computer Science / Engineering plus relevant work experience
- 7+ years software development experience; 5+ years secure development experience; 7+ years managing application development/testing teams
- CSSLP or similar is favorable
- Familiar with PCI, GDPR, CCPA, AdChoices, etc.
- Expert knowledge of the following project methodology practices and concepts: Secure software development, static and dynamic testing, web application firewalls
- Deep understanding of web application attacks including SQLi, XSS, XXE, and other common security issues
- Security testing methodologies and related tools such as Fortify, WebInspect, BurpSuite, WhiteSource
- Understanding of cloud, SaaS, and IoT architectures, and their implications on information security strategy.
- A natural influencer and coalition builder; passionate about building high performing teams.
- Excellent written and verbal communication, interpersonal and collaborative skills.
- Experienced with budget management, contract and vendor negotiations.
- Experience with a number of programming languages and secure code development.
- Excellent analysis and problem solving
- Able to communicate security and risk-related concepts to both technical and non-technical audiences.
- Ability to educate, mentor, consult and present to technical development staff
- Occasional travel for meetings, conferences, collaboration. 4-6 trips annually
At Under Armour, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Under Armour believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.