Cyber Security Leader

Job TypeFulltime

Skills RequiredPython Java .NET +5

LocationMiami, Florida

SalaryNo salary information was found.

Date Posted September 15, 2025

Intercredit Bank N.A.

Intercredit Bank N.A. is seeking a Senior Cybersecurity Lead to enhance security in their software development lifecycle. This role involves guiding secure application design, vulnerability management, and governance while collaborating with various teams.

Job description

Job Title: Senior Cybersecurity Lead Location: Coral Gables - Miami, FL - On site Reports to: CTO Department: Information Technology Role Overview The Senior Cybersecurity Lead will be instrumental in embedding security into the heart of Intercredit Bank's software development lifecycle. Operating as the second line of defense, this role will guide secure application design, vulnerability management, and governance, while partnering cross-functionally with CISO, engineering, leadership, and external partners. The successful candidate will play a strategic role in shaping and executing secure development policies, leading dynamic testing, and proactively defending against evolving threats. You will be the principal advocate and architect for application security, championing a culture where security is a shared responsibility and an enabler of innovation. This is a unique opportunity to shape the security posture of our digital products from the ground up, moving beyond checklists to implement a pragmatic, risk-based security program that developers embrace. Key Responsibilities • Secure SDLC Integration • Collaborate with engineering teams to infuse threat modeling, security requirements, and secure coding practices into product design. • Conduct and guide static (SAST), dynamic (DAST), and software composition analysis (SCA) across critical applications, and interpret results for development teams. • Lead hands-on dynamic application testing prior to major releases. • Oversight & Vulnerability Management • Ensure application penetration tests meet tier 4 standards (manual testing for OWASP Top 10, data leakage, info disclosure, etc.). • Review and refine scope of external testing engagements in partnership with vCISO and CTO. • Track and manage vulnerabilities, remediation progress, and trends. • Own the end-to-end vulnerability management lifecycle, from automated detection to manual validation, risk-rating, and remediation tracking. • Define and enforce Service Level Agreements (SLAs) for vulnerability remediation based on severity and risk. Governance & Policy Development • Co-author the Secure Application Development Policy, including red-teaming, bug bounty programs, and continuous testing protocols. • Present monthly Key Risk Indicators (KRIs) to the Risk Committee on web application security posture. • Support audits and regulatory assessments related to cybersecurity and application integrity. • Collaboration & Leadership • Operate as the subject matter expert (SME) for all matters related to application and product security. • Coach development and product teams on secure architecture principles. • Participate in incident response planning, tabletop exercises, and root cause analysis. • Translate complex security vulnerabilities into tangible business risks and opportunities for improvement for non-technical stakeholders. • Mentor and upskill development team members on security principles, turning them into force-multipliers for the security program. • Mentor junior security engineer(s) to foster a culture of continuous skills improvement. Qualifications & Experience • 4+ years of hands-on cybersecurity experience, with deep focus on secure application development and vulnerability management. • Advanced knowledge of OWASP Top 10, SDLC frameworks, and modern DevSecOps pipelines. • Strong grasp of manual testing techniques and dynamic web application assessments. • Proven experience drafting security policies and presenting risk metrics to executive stakeholders. • Familiarity with financial sector compliance expectations (e.g., GLBA, FFIEC, PCI). • Demonstrated experience with manual penetration testing tools and techniques (e.g., Burp Suite Professional, OWASP ZAP), including the ability to identify complex business logic flaws. • Experience securing applications and services in a cloud environment (e.g., AWS, Azure), including knowledge of cloud-native security controls. • A strong understanding of modern software development practices and languages (e.g., Python, Java, .NET, JavaScript frameworks) and the ability to communicate effectively with developers on technical implementation details. • Certifications such as OSCP (Offensive Security Certified Professional), GWAPT (GIAC Web Application Penetration Tester), or CISSP (Certified Information Systems Security Professional) are highly preferred. Tools & Technologies • Application Security Testing: Hands-on experience with SAST, DAST, and SCA tools (e.g., Veracode, Snyk, Checkmarx, SonarQube, Burp Suite). • CI/CD & DevOps: Familiarity with CI/CD pipelines and securing them (e.g., Jenkins, GitLab CI, Azure DevOps, GitHub Actions). • Cloud & Infrastructure: AWS (Security Hub, IAM, WAF), Infrastructure-as-Code (Terraform), Cloud Security Posture Management platforms (Wiz, Orca). • Collaboration & GRC: familiarity with GRC platforms Intercredit Bank is an Equal Opportunity Employer

Requirements

• 4+ years of hands-on cybersecurity experience, with deep focus on secure application development and vulnerability management

• Advanced knowledge of OWASP Top 10, SDLC frameworks, and modern DevSecOps pipelines

• Strong grasp of manual testing techniques and dynamic web application assessments

• Proven experience drafting security policies and presenting risk metrics to executive stakeholders

• Familiarity with financial sector compliance expectations (e.g., GLBA, FFIEC, PCI)

• Demonstrated experience with manual penetration testing tools and techniques (e.g., Burp Suite Professional, OWASP ZAP), including the ability to identify complex business logic flaws

• Experience securing applications and services in a cloud environment (e.g., AWS, Azure), including knowledge of cloud-native security controls

• A strong understanding of modern software development practices and languages (e.g., Python, Java, .NET, JavaScript frameworks) and the ability to communicate effectively with developers on technical implementation details

• Application Security Testing: Hands-on experience with SAST, DAST, and SCA tools (e.g., Veracode, Snyk, Checkmarx, SonarQube, Burp Suite)

• CI/CD & DevOps: Familiarity with CI/CD pipelines and securing them (e.g., Jenkins, GitLab CI, Azure DevOps, GitHub Actions)

• Cloud & Infrastructure: AWS (Security Hub, IAM, WAF), Infrastructure-as-Code (Terraform), Cloud Security Posture Management platforms (Wiz, Orca)

• Collaboration & GRC: familiarity with GRC platforms

Similar Jobs

Xcelligen Inc.

Aug 22, 2025

Cloud & Cybersecurity Engineer (Azure) at Xcelligen Inc. Atlanta, GA

Atlanta, Georgia

Full-time job

Xcelligen Inc. is seeking a Senior Cloud & Cybersecurity Engineer with expertise in AWS and Azure to lead cloud architecture and modernization initiatives. The role requires strong technical skills and leadership to drive innovation in enterprise environments.

View Details

AzureCI/CDJava

Vizio Group

Aug 12, 2025

(USA) Principal, Systems and Infrastructure Engineer, Information Security CYBERSECURITY DENVER, CO 06/25/25

Denver, Colorado

Full-time job

Vizio Group is seeking a Principal Systems and Infrastructure Engineer specializing in Information Security to lead the migration of applications and databases from AWS to Azure in Denver, CO. The role involves architecting Infrastructure-as-Code solutions, driving containerization, and developing automation scripts.

View Details

AzurePythonCI/CD

Huntington National Bank

Sep 7, 2025

Cybersecurity Engineer – Kubernetes and Container Security - Expert

Pittsburgh, Pennsylvania

Full-time job

The Cybersecurity Engineer at Huntington National Bank focuses on securing cloud-native applications and infrastructure, leveraging expertise in Kubernetes and container security. This role involves collaborating with DevOps teams to implement security measures and respond to incidents.

View Details

KubernetesPythonGo

Ford Motor Company

Aug 28, 2025

Cybersecurity Engineer - Full-time

Dearborn, Michigan

Full-time job

Ford Motor Company is seeking a Cybersecurity Engineer to develop and manage SIEM/SOAR solutions, focusing on Google SecOps and Security Command Center. The role involves enhancing security posture and ensuring compliance with industry standards.

View Details

AzurePythonGo

Aug 19, 2025

Authentication Services Leader - Cybersecurity Identity & Access Management

Maplewood, Minnesota

Full-time job

The Authentication Services Leader will oversee the Cybersecurity Identity & Access Management team at 3M, driving innovation in authentication technologies and leading a high-performing team. This role requires expertise in Microsoft Identity technologies and a strong background in information security.

View Details

AzurePython