Lead Application Security

About the role

The Lead Application Security is responsible for advancing Chevron's Application Security Program by strengthening security testing, vulnerability validation, and remediation practices across the software development lifecycle. This role leads secure design reviews, threat modeling, code analysis, and automated testing to identify application risks early, prioritize findings based on business impact, and drive timely remediation. The Lead partners with DevOps, architecture, engineering, cloud, and cybersecurity teams to improve application security controls and enable the secure delivery of resilient applications at enterprise scale. Responsibilities for this position may include but are not limited to: Define and mature Chevron's enterprise application security strategy, standards, roadmap, and operating model. Embed secure SDLC practices, including threat modeling, secure design reviews, automated testing, and CI/CD security controls. Oversee application security assessments, vulnerability prioritization, remediation governance. Partner with engineering, cloud, DevOps, architecture, Pen Testing, Red Team, and other Threat Exposure Management teams to align coverage and drive remediation. Build developer enablement programs, standards, playbooks, and guidance to improve secure coding and architecture practices. Lead and develop the AppSec team while managing program metrics, tooling, vendors, and continuous improvement. Required Qualifications: Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field, or equivalent experience. Experience leading application security, secure SDLC, software security engineering, or related cybersecurity programs. Knowledge of application security testing, threat modeling, secure design, software supply chain security, and CI/CD security controls. Ability to influence cross-functional teams and drive risk-based remediation and secure engineering adoption. Experience leading people, programs, governance processes, metrics, vendors, or cross-functional security initiatives.

Requirements

• Relevant security certification such as CISSP, CSSLP, GWEB, GWAPT, OSWE, or comparable credential.
• Experience building or maturing an enterprise AppSec program, including roadmap, operating model, and KPI reporting.
• Hands-on experience with AppSec tooling and practices, including SAST, DAST, SCA, API security, secrets detection, SBOMs, or cloud-native application security.
• Strong communication skills with the ability to advise senior stakeholders, engineering leaders, product owners, and development teams.
• Relocation Options:
• Relocation may be considered.
• International Considerations:
• Expatriate assignments will not be considered.
• Chevron regrets that it is unable to sponsor employment Visas or consider individuals on time-limited Visa status for this position.
• U.S. Regulatory notice:
• We are committed to providing reasonable accommodations for qualified individuals with disabilities. If you need assistance or an accommodation, please email us at emplymnt@chevron.com .
• Chevron participates in E-Verify in certain locations as required by law.

Benefits

Additional Information

Total Number of Openings 1 Chevron is accepting online applications for the position Lead Application Security through June 29th, 2026, at 11:59 p.m. (Central Time).

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Chevron? Share your experience