Intercredit Bank N.A. is seeking a Senior Cybersecurity Lead to enhance security in their software development lifecycle. This role involves guiding secure application design, vulnerability management, and governance while collaborating with various teams.
Job Title: Senior Cybersecurity Lead
Location: Coral Gables - Miami, FL - On site
Reports to: CTO
Department: Information Technology

Role Overview

The Senior Cybersecurity Lead will be instrumental in embedding security into the heart of Intercredit Bank's software development lifecycle. Operating as the second line of defense, this role will guide secure application design, vulnerability management, and governance, while partnering cross-functionally with CISO, engineering, leadership, and external partners. The successful candidate will play a strategic role in shaping and executing secure development policies, leading dynamic testing, and proactively defending against evolving threats.

You will be the principal advocate and architect for application security, championing a culture where security is a shared responsibility and an enabler of innovation. This is a unique opportunity to shape the security posture of our digital products from the ground up, moving beyond checklists to implement a pragmatic, risk-based security program that developers embrace.

Key Responsibilities

Secure SDLC Integration
• Collaborate with engineering teams to infuse threat modeling, security requirements, and secure coding practices into product design.
• Conduct and guide static (SAST), dynamic (DAST), and software composition analysis (SCA) across critical applications, and interpret results for development teams.
• Lead hands-on dynamic application testing prior to major releases.

Oversight & Vulnerability Management
• Ensure application penetration tests meet tier 4 standards (manual testing for OWASP Top 10, data leakage, info disclosure, etc.).
• Review and refine scope of external testing engagements in partnership with vCISO and CTO.
• Track and manage vulnerabilities, remediation progress, and trends.
• Own the end-to-end vulnerability management lifecycle, from automated detection to manual validation, risk-rating, and remediation tracking.
• Define and enforce Service Level Agreements (SLAs) for vulnerability remediation based on severity and risk.

Governance & Policy Development
• Co-author the Secure Application Development Policy, including red-teaming, bug bounty programs, and continuous testing protocols.
• Present monthly Key Risk Indicators (KRIs) to the Risk Committee on web application security posture.
• Support audits and regulatory assessments related to cybersecurity and application integrity.

Collaboration & Leadership
• Operate as the subject matter expert (SME) for all matters related to application and product security.
• Coach development and product teams on secure architecture principles.
• Participate in incident response planning, tabletop exercises, and root cause analysis.
• Translate complex security vulnerabilities into tangible business risks and opportunities for improvement for non-technical stakeholders.
• Mentor and upskill development team members on security principles, turning them into force-multipliers for the security program.
• Mentor junior security engineer(s) to foster a culture of continuous skills improvement.

Qualifications & Experience
• 4+ years of hands-on cybersecurity experience, with deep focus on secure application development and vulnerability management.
• Advanced knowledge of OWASP Top 10, SDLC frameworks, and modern DevSecOps pipelines.
• Strong grasp of manual testing techniques and dynamic web application assessments.
• Proven experience drafting security policies and presenting risk metrics to executive stakeholders.
• Familiarity with financial sector compliance expectations (e.g., GLBA, FFIEC, PCI).
• Demonstrated experience with manual penetration testing tools and techniques (e.g., Burp Suite Professional, OWASP ZAP), including the ability to identify complex business logic flaws.
• Experience securing applications and services in a cloud environment (e.g., AWS, Azure), including knowledge of cloud-native security controls.
• A strong understanding of modern software development practices and languages (e.g., Python, Java, .NET, JavaScript frameworks) and the ability to communicate effectively with developers on technical implementation details.
• Certifications such as OSCP (Offensive Security Certified Professional), GWAPT (GIAC Web Application Penetration Tester), or CISSP (Certified Information Systems Security Professional) are highly preferred.

Tools & Technologies
• Application Security Testing: Hands-on experience with SAST, DAST, and SCA tools (e.g., Veracode, Snyk, Checkmarx, SonarQube, Burp Suite).
• CI/CD & DevOps: Familiarity with CI/CD pipelines and securing them (e.g., Jenkins, GitLab CI, Azure DevOps, GitHub Actions).
• Cloud & Infrastructure: AWS (Security Hub, IAM, WAF), Infrastructure-as-Code (Terraform), Cloud Security Posture Management platforms (Wiz, Orca).
• Collaboration & GRC: Familiarity with GRC platforms.

Intercredit Bank is an Equal Opportunity Employer.