Department Lead - Head of Application Security
Listed on 2026-03-11
IT/Tech
Cybersecurity, Data Security
Innovate here. And see your ideas come to life.
It's an exciting time to work in tech at Edward Jones. We are making massive investments in emerging technologies to improve how we work with our clients and with each other. Relationships are the focus of our business model. And working in Technology here means using your skills to build, deliver and maintain the technologies that enable us to deepen and support those relationships.
The best part? We develop and create our own industry-leading solutions internally. And you can be a part of it. Working with emerging new technologies. Creating platforms, programs and experiences that change how we work together - and support our client-first focus. Changing the future of our firm, the industry and the advisor-client relationship.
Position
Schedule:
Full-Time
This job posting is anticipated to remain open for 30 days, from 03-Mar-2026. The posting may close early due to the volume of applicants.
Edward Jones is seeking a Head of Application Security to lead the enterprise strategy and execution of secure software delivery across a complex, highly regulated environment. Reporting directly to the Chief Information Security Officer (CISO), this leader will own and scale the firm's application security program, ensuring that all code is developed, tested, and deployed securely, and that security is embedded across the full software development lifecycle (SDLC).
The selected candidate will lead a team responsible for secure coding governance and deployment pipelines, secure coding training for developers, threat modeling, SBOM/SBOMBs completion and management for applications, and penetration testing, driving measurable risk reduction while enabling technology teams to deliver. This is a highly visible role requiring strong executive influence, deep technical credibility, and the ability to build durable partnerships across Engineering, Architecture, DevOps/SRE, Risk, Compliance, and Audit.
What You'll Do:
Enterprise Application Security Strategy & Governance: Define and execute the enterprise Application Security strategy and operating model, aligned to business priorities and risk appetite. Establish and maintain enterprise secure SDLC standards (policies, controls, patterns, and reference architectures) across modern and legacy environments. Establish and maintain enterprise standards related to the secure use of AI developer tools. Set the vision for secure-by-design engineering practices and embed them into platform and product delivery.
Secure Code Development & Deployment: Ensure secure coding practices and controls are implemented across all engineering teams (e.g., code review requirements, security gates, CI/CD integration). Drive adoption of automated security testing within pipelines (e.g., SAST, SCA, secrets detection) and ensure outcomes are actionable and measurable. Establish expectations and quality thresholds to prevent high-risk code from being promoted into production.
Threat Modeling (Enterprise Standardization & Coverage): Own enterprise threat modeling methodology, tooling, templates, and training. Ensure threat models are completed for all applications, including material changes and new product launches. Partner with Architecture and Engineering leaders to translate threat model outputs into prioritized remediation and design improvements.
SBOM / "SBOMBs" Program Ownership: Establish and operationalize enterprise requirements for SBOM generation, validation, storage, and continuous monitoring. Ensure SBOM/SBOMBs are completed for all applications and integrate results into vulnerability management and third-party risk processes. Drive supply chain security posture improvements (e.g., dependency governance, provenance controls, patch/upgrade cadences).
Penetration Testing & Offensive Security Delivery: Ensure penetration testing is completed for applications according to risk tiering, launch criteria, and regulatory expectations. Establish testing scope standards (web, mobile, APIs, microservices, cloud-native) and ensure findings lead to measurable risk reduction. Develop executive-ready reporting that demonstrates coverage, trends, and remediation progress.
Risk Management, Metrics & Executive Reporting: Define and manage KPIs/KRIs for App Sec (coverage, vulnerability trends, remediation SLAs, pentest outcomes, threat model completion rates, SBOM compliance). Provide regular briefings to the CISO and senior leadership on App Sec posture, emerging risks, and investment needs. Partner with Audit, Risk, Legal, and Compliance to demonstrate defensible controls and evidence-based outcomes.
Leadership & Organizational Development: Lead, mentor, and scale a high-performing team of App Sec engineers, threat modelers, penetration testers, and program leaders. Create career paths, operating rhythms, and continuous improvement culture; optimize for both risk reduction and developer experience. Manage budget, tooling portfolio, and vendor…