Reporting to the VP, Info Tech & Security, the Application Security and Compliance Programs Manager is responsible for our Compliance Programs and Application Security function, which ensures Cofense Engineering designs, builds, ships, and operates software securely, while also owning our information security standards.
Essential Duties/Responsibilities
- Serve as the single point of contact for all project management activities across the FedRAMP, SOC 2, and ISO 27001 programs
- Own the relationships with the 3PAO, sponsoring agency, and FedRAMP PMO
- Lead the FedRAMP continuous monitoring (ConMon) activities including the Plans of Actions and Milestones (POA&Ms)
- Lead the planning, scheduling, and preliminary analysis for all internal and external audits
- Integrating security tools, standards, and processes into the software development lifecycle (SDLC).
- Ensuring that software engineers are trained with the appropriate level of security knowledge to perform their daily
- Improving and supporting application security tool deployments, including static analysis, dependency/component analysis, and dynamic analysis tools.
- Improving and maintaining secure development
- Supporting the incident response and architecture review processes whenever application security expertise is
- Managing annual penetration testing services and application security assessments.
- Providing manual penetration testing, threat modeling, and gap analysis for Cofense-developed applications.
- Supporting Vendor Security activities to ensure 3rd-party software and development meets Cofense security
- Supporting application security activities related to compliance efforts, including FedRAMP, SOC 2, and ISO 27001.
- Execute strategic vision for the Application Security program.
- Other duties as assigned
Knowledge, Skills and Abilities Required
- FedRAMP industry relationships and knowledge
- Superb soft skills including the ability to gain the trust of stakeholders and senior management and negotiate priorities with outside teams
- Working knowledge of public cloud providers (e.g., AWS)
- Ability to translate security concepts into language that is meaningful to many audiences, including business leaders, technical leaders, and individual
- Ability to approach application security from the perspective of risk management
- Strong leadership and technical skills to effectively manage Application Security engineers.
- Understanding of deployment methodologies in use for assigned products and projects.
- Ability to multitask and context-switch across diverse teams and projects.
- Familiarity with common security libraries, security controls, and common security flaws.
- Familiarity with cloud security controls and best practices.
- Excellent verbal and written communication skills.
Education and/or Experience:
- 5+ years application security experience
- Experience must demonstrate working knowledge in all phases of preparing and reviewing complete ATO packages for information technology systems and/or applications as defined by the Federal Information Security Modernization Act and implemented by the guidance of the GSA Federal Risk and Authorization Management Program (FedRAMP).
- Must possess a strong background in:
  - NIST Risk Management Framework (SP 800-37) and its security and privacy control catalog (SP 800-53)
  - Federal Information Processing Standards (FIPS) 199 and 140
  - DoD Cloud Computing Security Requirements Guide (SRG)
- Experience balancing multiple competing projects at the enterprise level.
- Bachelor's degree preferred. Strong preference given for bachelor and advanced degrees in software technology related fields.
Disclaimer
The above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job. This job description is not a contract of employment, either express or implied. Employment with Cofense will be voluntarily entered into and your employment is considered at will. Cofense reserves the right to alter the job description at any time without notice.
Cofense is committed to equal employment opportunity. We will not discriminate against employees or applicants for employment on any legally recognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex (including pregnancy), gender identity, sexual orientation, national origin, age, physical or mental disability, marital status, genetic information or any other status or characteristic protected by applicable national, federal, state or local laws and ordinances. We adhere to these commitments in all aspects of employment, including recruitment, hiring, training, compensation, promotion, benefits, and discipline.