JOBSEARCHER

Manager, Application & Cloud Security

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Company DescriptionAs the global leader in health and wellness innovation since 1935, GNC motivates people to reach their goals with the most trusted and exciting selection of products in the industry.As #TeamGNC, we work hard to ensure that our consumers come first. We are always cultivating and collaborating on new ideas to bring innovative solutions to the forefront and testing new solutions to translate goals into action. Our team members are advocates for change and innovation.There is no greater gift than good health and no greater satisfaction than helping others to achieve it. Be a part of helping others to Live Well!About GNCSince 1935, GNC has been a global leader in health and wellness innovation, inspiring people to achieve their goals with a trusted and dynamic range of products. As #TeamGNC, we prioritize our consumers, constantly collaborating and developing new ideas to deliver cutting-edge solutions. Our team is passionate about driving change and turning aspirations into actions. We believe that good health is the greatest gift, and there's nothing more rewarding than helping others achieve it. Join us in empowering others to Live Well!What We’re Looking ForAt GNC we embrace a “Live Well” philosophy, fostering a dynamic environment where innovation meets passion. Whether someone is an athlete or just starting to focus on their health, we want to deliver the cutting-edge products they deserve. We are looking for an individual who is excited and eager to play a pivotal role in driving excellence in the health and wellness industry. This position offers the opportunity to engage in a collaborative environment where you will make a personal impact every day.GNC is undergoing a significant digital and technology transformation - modernizing our ecommerce and martech stack, building a next-generation cloud and data foundation, and evolving into a digitally enabled, member-first wellness ecosystem.We are seeking a Manager, Application & Cloud Security to play a critical leadership role in securing this transformation. This is a hands-on leadership role. The manager will both lead security strategies across applications and cloud environments and actively participate in implementation, including tooling, architecture reviews and developer engagement.This role will lead the design, implementation, and continuous improvement of security controls across:A modern ecommerce ecosystem and an evolving martech stack Store, supply Chain, merchandising, and other internal enterprise applications.A new enterprise data foundation Cloud infrastructure and SaaS platforms supporting global operationsThis leader will partner closely with Digital Engineering, Enterprise Applications, Data & Analytics, Infrastructure, and Product teams to embed security by design into everything we build.This is not a reactive, ticket-driven security role. We are looking for a proactive, broad-thinking, hands-on, detail-oriented security leader who can operate at both architecture and execution levels - someone who understands how modern retail platforms are built and works closely with engineering teams to secure them.What You’ll DoThis is a Full-Time Salary PositionThe Manager, Application & Cloud Security is responsible for leading the strategy, implementation, and continuous improvement of security practices across the organization’s applications and cloud platforms. This role ensures that secure development practices, cloud security controls, and vulnerability management processes are embedded across the software development lifecycle (SDLC) and enterprise cloud environments.Secure GNC’s Application StackOwn and mature secure SDLC practices across the entire application stackConduct threat modeling for digital commerce, payments, loyalty, customer identity systems and beyondPartner with product and engineering teams to integrate automated security testing and policy enforcement into CI/CD pipelines to enable scalable DevSecOps practicesManage and optimize application security testing (SAST, DAST, dependency scanning, penetration testing) and ensure results are integrated into developer workflowsBuild and scale a developer security program including secure coding guidance, security champions, and targeted developer trainingSecure third-party martech integrations and vendor connectionsLead Cloud Security ArchitectureDefine and implement security controls across multi-cloud environmentsEnforce least privilege IAM, network segmentation, container security, and workload protectionPartner with Infrastructure teams on secure cloud configuration and posture management Implement CSPM and runtime protection solutionsProtect the New Data FoundationCollaborate with Data & Analytics teams to secure data platformsImplement data classification, encryption, tokenization, and access governanceSecure ML pipelines and API-driven data productsEnsure compliance with privacy regulations (GDPR, CCPA, PCI DSS)Embed Security in Transformation ProgramsAct as security lead for ecommerce replat forming, martech consolidation, and data modernization initiativesLead security architecture reviews for new digital products, integrations, and cloud services, defining and approving secure architecture patternsEstablish DevSecOps standards and developer security educationInfluence roadmap decisions with a risk-balanced, business-aware mindsetOperational ExcellenceMonitor application and cloud security posture metricsLead vulnerability management and remediation programsEstablish risk-based vulnerability prioritization focused on exploitability, exposure and business impactCoordinate with SOC on incident response related to applications and cloud environmentsConduct security reviews of new technologies and vendorsOther duties as assigned.What Success Looks LikeWithin 12–18 months, this leader will have:Embedded security into our ecommerce and digital product lifecycleEstablished a repeatable cloud security architecture frameworkReduced critical application vulnerabilities by >50%Implemented automated security testing within CI/CD pipelinesImproved visibility into third-party SaaS and martech risk exposureElevated developer and product security awareness across the organizationTechnology delivery is predictable, disciplined, and transparentPriority initiatives ship on time with fewer surprises and less reworkLeaders have confidence in plans, forecasts, and execution commitmentsPortfolio tradeoffs are explicit, data-driven, and aligned to strategyAgile and product-led practices improve speed and quality rather than dilute accountabilityEnvironmental Factors & Working ScheduleHybrid work environment, 3 days in-person attendance (Pittsburgh, PA) in addition to ability to work remotely.Regularly required to stand; walk; sit; use hands or fingers to handle or feel; reach with hands and arms; stoop, kneel, crouch, or crawl; and talk or hearSedentary work. Exerting up to 10 pounds of force occasionally and/or negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects. Repetitive motion. Substantial movements (motions) of the wrists, hands, and/or fingers. The worker is required to have close visual acuity to perform an activity such as: preparing and analyzing data and figures; transcribing; viewing a computer terminal; extensive reading.Work is performed in an office environment and requires the ability to operate standard office equipment and keyboards.Specific vision abilities required by this job include long periods of computer screen usage, close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focusThe noise level in the work environment is usually low/moderateTo perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.Qualifications6–10+ years in Application Security, Cloud Security, or DevSecOps rolesExperience securing ecommerce platforms and customer-facing digital applicationsDeep knowledge of OWASP Top 10 and modern web/API threat landscapesHands-on experience with cloud security (AWS, Azure, or GCP)Familiarity with data platform securityExperience implementing SAST/DAST/SCA toolingRetail, consumer, or ecommerce experience strongly preferredTechnical ExpertiseSecure coding principlesAPI security and OAuth/JWT-based authentication modelsThreat modeling methodologiesSecrets management and secure key handlingCloud IAM, container securityCI/CD security integrationVulnerability management platformsZero Trust architecture principlesAzure Security Engineer (certification preferred)CISSP, CCSP, or equivalent (certification preferred)Benefits OfferingsBenefit Offerings: Medical, Dental, Vision, STD, LTD, Paid Company Life Insurance, 401K program with company match, 30% employee merchandise discount on GNC products & 20% employee discount on 3rd party products, Monthly Free Product Offers, and access to the Employee Assistance Program.