Job Information

Zayo Group LLC Director, Application & Product Security in Seattle, Washington

Company Description

Zayo provides mission-critical bandwidth to the world's most impactful companies, fueling the innovations that are transforming our society. Zayo's 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo's communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

We are seeking an experienced and knowledgeable Director of Application & Product Security. This position is responsible for overseeing the development, implementation, and management of current and new application security capabilities. The Director of Application & Product Security will provide strategic direction, leadership, and operational excellence to protect our organization from cyber threats and ensure the security of our products throughout their lifecycle. The ideal candidate will have a deep understanding of cybersecurity principles, extensive experience in security program management, and a proven track record of success in leading cross-functional teams.

Responsibilities:

Static Code Analysis (SCA): Establish and maintain a comprehensive static code analysis program to identify and address security vulnerabilities and coding errors in our software code.

Dynamic Code Analysis (DCA): Lead efforts to assess the security of running applications and services through dynamic code analysis, identifying and mitigating security weaknesses.

Container Security: Develop and implement robust container security practices, including securing container images, managing container runtime security, and enforcing access controls.

Bug Bounty: Establish and manage a bug bounty program to engage external security researchers and ethical hackers in identifying vulnerabilities in our products, overseeing the responsible disclosure and remediation process.

Penetration Testing: Coordinate and oversee penetration testing activities to evaluate the security posture of our products, ensuring comprehensive assessments and providing recommendations for improvement.

Vulnerability Disclosure Governance: Develop and maintain a vulnerability disclosure governance process, facilitating responsible vulnerability disclosures, coordinating communication with external researchers, and overseeing the remediation efforts.

API Security: Implement and enforce API security measures to protect the integrity, confidentiality, and availability of our product's application programming interfaces (APIs).

Developer Security Training & Awareness: Establish comprehensive security training and awareness programs for developers, promoting secure coding practices, and ensuring adherence to security standards throughout the development process.

Secure Development Lifecycle (SDL): Drive the integration of security considerations and practices into the product development lifecycle, including requirements, design, coding, testing, and deployment.

Product Security Governance: Define and enforce policies, standards, and guidelines for product security, ensuring compliance with relevant regulations and industry best practices.

Incident Response and Vulnerability Management: Develop and implement processes and protocols for effective incident response and vulnerability management in collaboration with cross-functional teams.

Security Architecture and Design: Collaborate with product development teams to incorporate robust security controls and mechanisms into the architecture and design of our products.

Security Testing and Validation: Oversee comprehensive security testing activities, including code reviews, security assessments, and security-focused quality assurance (QA) testing.

Security Compli
