Senior IT Application & Data Security
 Vaco | |
$105,000.00 - $125,000.00 / yr
| |
 United States, Texas, Houston | |
 Aug 07, 2025 | |
|
Vaco is working with a client in the Oil & Gas Industry that is seeking a Senior IT Application & Data Security Specialist in Houston, TX.
Job Summary Senior Application & Data Security Specialist to support the development and execution of the enterprise data security and cyber resilience strategy. This role will focus on securing critical business applications, sensitive data, and supporting the organization's readiness to withstand and recover from cyber disruptions. The ideal candidate will have deep experience in application security (with emphasis on DevSecOps and open-source environments), data protection (including SAP and cloud ecosystems), and disaster recovery/cyber resilience planning. This position will work cross-functionally with Enterprise Architecture, Enterprise Applications, Data & AI, and Business Technology teams to ensure data is securely managed across the lifecycle. It will also align with Legal and Compliance teams to address data privacy, sovereignty, and regulatory obligations. Responsibilities Application & Open-Source Security * Lead the design and implementation of secure SDLC and DevSecOps practices across application development teams * Define security requirements and controls for applications developed using Python and other scripting languages * Secure the use of open-source components, integrating automated tools such as SCA (Software Composition Analysis), SAST, and DAST * Provide technical guidance to developers and business technologists, translating complex security risks into understandable and actionable items * Partner with product owners and DevOps teams to embed security into CI/CD pipelines. Data & SAP Security * Collaborate with Enterprise Architecture, Data & AI, and SAP teams to design and implement data protection controls across on-prem and cloud environments * Support the development of a comprehensive data security strategy, including classification, encryption, access control, and monitoring * Ensure sensitive data within SAP and enterprise platforms is protected in accordance with business needs and regulatory requirements * Conduct assessments to identify data security gaps and recommend mitigation strategies * Align data and application security controls with relevant regulations (e.g., GDPR, CCPA, SOX) and internal policies * Contribute to internal audits and assessments, and support remediation of identified risks Cyber Resilience & Disaster Recovery * Develop a cyber resilience strategy focused on the protection and recovery of critical data assets * Define architecture requirements and best practices for secure backup, recovery, and immutable storage * Design and coordinate realistic disaster recovery drills to test the organization's cyber resilience posture * Evaluate DR and backup solutions for alignment with data criticality, RTO/RPO requirements, and cyber threat scenarios Licenses/ Certifications Relevant certifications such as CISSP, CISM, SABSA, TOGAF, or AWS/GCP/Azure Security are a plus Qualifications/Requirements * Bachelor's degree in Computer Science, Information Security, or a related technical field * Minimum 5 years of experience in application security, data protection, or cybersecurity roles * Proven experience implementing DevSecOps practices and securing open-source environments, especially in Python-heavy ecosystems * Strong understanding of SAP security, data classification, and cloud data protection controls * Hands-on experience securing data platforms such as Databricks including integration with IAM, data masking, and encryption controls * Familiarity with data lakehouse architectures, big data pipelines, and the unique security considerations of AI/ML environments * Experience with data governance platforms (e.g., Collibra, Alation), AI/ML security, or Zero Trust for data pipelines * Experience designing cyber resilience or disaster recovery strategies focused on critical data. * Solid understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, CIS, MITRE ATT&CK) * Ability to bridge the gap between technical teams and business stakeholders with strong communication and influence skills * Participate in the security on-call rotation to provide timely support for cybersecurity operations and be available during nights or weekends as needed * Strong project management experience, including developing plans, roadmaps and milestones * Experience with project management tools like Azure DevOps, Jira, etc. * Experience with SAST/DAST platforms Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply. EEO Notice
Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law. Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com . Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal. By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal. Privacy Notice
Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:
With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses. | |