Job Information

SORENSON COMMUNICATIONS, LLC Director Application and Product Security in SALT LAKE CITY, Utah

Description

Come be a part of our mission and make a meaningful and positive impact with the industry-leading provider of language services for the Deaf and hard-of-hearing.

Benefits

  • Paid Vacation Time and Paid Sick Time and Paid Holidays

  • 401k 6% match with immediate vesting

  • Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)

  • TeleDoc

  • HSA company match

  • 3 Medical plan options including a Low Deductible PPO Medical Plan Offering

  • Employee Assistance Program

  • Engaged Employee Resource Groups

  • Outstanding Learning and Career Development Opportunities

Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.

This position can be 100% Remote or Hybrid for local candidates

Essential Duties and Responsibilities

  • Strategic Leadership and Program Development

      ◦ Define and execute the application and product security strategy aligned with business goals.

      ◦ Establish security frameworks, best practices, and governance models across the software development lifecycle (SDLC).

      ◦ Collaborate with engineering and product teams to embed security into all phases of software development.

      ◦ Contribute to security roadmap development.

  • Technical Risk Management

      ◦ Lead the identification, assessment, and management of technical risks in applications and products.

      ◦ Develop and maintain risk scoring models to prioritize security efforts effectively.

      ◦ Establish metrics and KPIs to measure security posture and drive data-informed decision-making.

      ◦ Coordinate the execution of enterprise-wide information security risk assessments, including the reporting and oversight of risk treatment plans to address findings.

      ◦ Manage the technical Security Exception process.

      ◦ Define and maintain a security reference architecture that provides security best practices and design guidance, roadmaps, and key security considerations for all major domains (i.e., IAM, privacy, cloud platforms, infrastructure, applications, database, etc.).

  • Security Testing and Assurance

      ◦ Oversee security testing initiatives, including penetration testing, red teaming, and technical audits of technology platforms and systems.

      ◦ Develop and enhance application security testing capabilities, including static (SAST), dynamic (DAST), and interactive (IAST) application security testing methodologies.

      ◦ Partner with external security researchers and vendors to conduct advanced security testing and assessments.

  • Vulnerability and Remediation Management

      ◦ Manage vulnerability identification and remediation efforts across applications and product environments.

      ◦ Establish secure coding practices and train development teams on security best practices.

      ◦ Implement and enforce automated security testing and continuous security integration within CI/CD pipelines.

  • Compliance and Regulatory Alignment

      ◦ Ensure compliance with industry security standards (e.g., ISO 27001, SOC 2, PCI-DSS, NIST, OWASP, GDPR, CISA Secure by Design).

      ◦ Partner with internal audit, compliance, and legal teams to address security-related regulatory requirements.

  • Incident Response and Threat Management

      ◦ Support incident response efforts related to application and product security threats.

      ◦ Collaborate with SOC and security operations teams to analyze and mitigate security incidents effectively.

Skills / Certifications

  • Excellent documentation skills (i.e., solution workflow diagrams, system documentation, playbooks, etc.)

  • Excellent written and verbal communication skills, including presentation skills

  • Able to clearly communicate risk to upper management and other key stakeholders

  • Proven... For full info follow application link.

Sorenson Communications is an EOE, Disability/Age Employer
