Vacancy Details

Program Manager - Global Application Security | Tamworth | Midlands


Bachelor’s degree and 5+ years of directly applicable work experience in application security within a highly complex organization



  • In-depth knowledge of various development environments and development methodologies (waterfall, agile, etc.).
  • Ability to integrate secure development practices into the organization regardless of the particular development methodologies or development environment.
  • Experience in writing and testing web applications and web services in C/C++, Java, JavaScript and others.
  • Familiarity with a variety of testing tools including Eclipse, Git, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, Veracode, Fortify, AppScan, WebInspect, Netsparker, Burp Suite, OWASP ZAP, etc.
  • Demonstrated ability to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE25 to any audience and discuss effective defensive techniques.
  • Familiarity with industry standards and regulations including PCI, SOX, ISO27001, NIST, GDPR, etc.
  • Ability to translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors.
  • Able to approach application security from the perspective of risk management and to avoid purely academic thinking about software security.
  • Demonstrated ability to influence decision makers at all levels of a large organization.
  • Strong leadership skills and ability to lead highly technical individuals across the organization.
  • Excellent written and verbal communication skills.
  • Experience working with disparate and geographically distributed global teams.
More Information:

The Global Application Security Program Manager will act as an application security evangelist and subject matter expert. The role is responsible for establishing an application security program within LKQ globally and driving processes, practices and technology adoption to continuously improve the security of sensitive application systems across all of LKQ’s global business entities. This individual must possess strong technical skill, but equally important is the ability to influence and lead disparate groups of development and operations teams in various business units who may have very different development methodologies and development environments.

The application security program at LKQ is in its infancy but must be designed to ensure that any existing or newly developed software meets industry standard application security guidelines based upon risk. The program must also enable rapid innovation to meet business and customer needs on an ongoing basis.

The manager of global application security will be responsible for:

·       Integrating security practices, standards and technologies into various development and application support lifecycles.

·       Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.

·       Improving and supporting application security tool deployments including static source code analysis and runtime testing tools.

·       Improving and maintaining secure development standards.

·       Supporting the incident response architecture review processes whenever application security expertise is needed.

·       Developing and leading an application penetration testing program.

·       Managing application security framework and perimeter security improvement initiatives.

·       Contributing to overall risk assessment of the company’s application estate.

·       Supporting vendor security activities to ensure that 3rd party software and development meets company application security standards.

·       Integrating threat modeling practices into the development lifecycle.

·       Integrating security testing practices into the development lifecycle.

·       Producing reporting on various Key Performance Indicators (KPIs) that measure the overall state of application security across the enterprise. This should include reporting on organizational performance in meeting security standards and requirements.