Associate Director, Cybersecurity - Application Security

This is an opportunity to tackle complex technical challenges, influence architectural decisions, and make a tangible impact on the security posture of our systems. If you are passionate about application security and thrive at the intersection of strategy and execution, join us in shaping the future of secure software at National Life Group.

Associate Director, Cybersecurity - Application Security

Please note that we do not offer visa sponsorship for this position.

As the Associate Director, Cybersecurity - Application Security, you will play a pivotal role in driving the strategy, implementation, and management of security practices across the software development lifecycle. In this role, you will act as both a thought leader and hands-on engineer, championing secure-by-design and defense-in-depth principles, shaping innovative security capabilities, and aligning strategy to business needs. You will collaborate closely with cross-functional teams to ensure our applications meet the highest standards of security and compliance while fostering a culture of secure software development.

This is an opportunity to tackle complex technical challenges, influence architectural decisions, and make a tangible impact on the security posture of our systems. If you are passionate about application security and thrive at the intersection of strategy and execution, join us in shaping the future of secure software at National Life Group.

Key Responsibilities:

• Shape and execute the vision for Application Security, partnering with Information Security leadership to align strategy, governance, and practices with organizational objectives.
• Integrate security into the software development lifecycle, embedding automated controls such as code analysis, dependency scanning, and secret detection into CI/CD and Infrastructure as Code workflows.
• Strengthen API security by embedding protective guardrails and automated checks that mitigate risks and ensure resilience in modern service architectures.
• Lead vulnerability management by tuning security tools, analyzing results, guiding remediation priorities, and tracking progress against SLAs and trends.
• Drive proactive security validation through threat modeling, offensive testing, and adversarial simulations to identify risks, validate defenses, and harden systems.
• Build a culture of secure software engineering by developing coding standards, reusable security components, and educational programs that embed secure-by-design principles across teams.
• Partner across engineering and IT to review exceptions, influence architectural decisions, and continuously evolve practices as new threats and technologies emerge.

What We’Re Looking For:

We are seeking a proven application security engineering leader with a track record of progressive growth, technical excellence, and the ability to inspire and guide teams. The ideal candidate blends deep application security expertise with strong leadership skills, bringing both hands-on technical ability and the influence to drive meaningful outcomes across the business.

Leadership And Influence

• At least 10 years of progressive software engineering experience, including 5 years in Application Security in a senior or principal role.
• Held leadership positions embedding security into software development and DevSecOps practices, with a history of mentoring, coaching, and developing teams.
• Demonstrated ability to guide teams and influence outcomes while managing competing priorities and engaging effectively with senior leadership.
• Strong communication and presentation skills, with the ability to translate technical findings into actionable business decisions.

Technical Expertise

• Deep knowledge of modern web and mobile stacks, Git-centric workflows, and securing cloud-native environments (Azure preferred).
• Advanced programming and scripting ability (Java, Python, JavaScript, or .NET), with experience automating security controls and integrating guardrails into CI/CD pipelines.
• Expertise in API security and practical experience architecting IAM solutions (Auth0, Okta, Ping, or equivalent).
• Proficiency with application security tooling (SAST, DAST, SCA, secret scanning) and the judgment to apply them effectively.
• Experience testing security controls through offensive exercises, defensive validation, and targeted assessments.
• Applied knowledge of frameworks and standards, including OWASP Top 10, CWE 25, and data protection requirements.
• Academic background or equivalent experience; advanced degree or professional certifications (CISSP, CSSLP, OSWE, etc.) preferred.

The Base Compensation Range Represents The Low And High End Of The Range For This Position. Actual Compensation Will Vary And May Be Above Or Below The Range Based On Various Factors Including But Not Limited To Qualifications, Skills, Competencies, Location, And Experience. The Range Listed Is Just One Component Of Our Total Compensation Package For Employees.

Other Rewards May Include An Annual Bonus, Quarterly Bonuses, Commissions, And Other Long-Term Incentive Compensation, Depending On The Position.  National Life Offers A Competitive Total Rewards Package Which Includes: A 401(K) Retirement Plan Match; Medical, Dental, And Vision Insurance; A Company Funded Wellness Account For Director And Below Employees; 10 Paid Holidays; A Generous Paid Time Off Plan (22 Days Of Combined Time-Off For Non-Exempt Employees And Exempt Employees Have Discretion In Managing Their Time, Including Scheduling Time Off In The Normal Course Of Business, But In No Event Will Exempt Employees Receive Less Sick Time Than Required By State Or Local Law); 6 Weeks Of Paid Parental Leave; And 6 Weeks Of Paid Family Leave After A Year Of Full-Time Employment.

National Life Is Accepting Applications For This Role On An Ongoing Basis And The Role Remains Open Until Filled.

National Life Group® Is A Trade Name Of National Life Insurance Company, Montpelier, Vt – Founded In 1848, Life Insurance Company Of The Southwest, Addison, Tx – Chartered In 1955, And Their Affiliates. Each Company Of National Life Group Is Solely Responsible For Its Own Financial Condition And Contractual Obligations. Life Insurance Company Of The Southwest Is Not An Authorized Insurer In New York And Does Not Conduct Insurance Business In New York. Equity Services, Inc., Member Finra/Sipc, Is A Broker/Dealer And Registered Investment Adviser Affiliate Of National Life Insurance Company. All Other Entities Are Independent Of The Companies Of National Life Group.

National Life Group

1 National Life Dr

Montpelier, Vt 05604

Social Media Policy

Site Disclosure And Privacy Policy

#Li-Ag