American Red Cross
Information Security Engineer - Vulnerability Management
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
View Full Job Details on LinkedInAbout American Red Cross
The American Red Cross is a nonprofit humanitarian organization founded in 1881 by Clara Barton in Washington, D.C. It operates as a national affiliate of the International Federation of Red Cross and Red Crescent Societies. The organization is dedicated to alleviating human suffering caused by wars and natural disasters, providing services to members of the armed forces and their families, as well as disaster relief both domestically and internationally. The American Red Cross offers a wide range of services, including disaster relief and emergency assistance, blood banking services, military support, public health and nursing services, and training programs in first aid and disaster preparedness. It also conducts international development programs, such as immunization initiatives and housing projects. The organization relies on donations and volunteers to fulfill its mission, operating through a network of local chapters that have grown significantly since its inception.
Security at American Red Cross
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- The American Red Cross's security philosophy emphasizes a risk-based approach centered on vulnerability management and remediation.
- Stated priorities include 'lowering organizational risk posture' and 'tracking remediation' through coordination with system owners.
- There are no public statements defining a 'developer-first' or 'paved road' approach.
- Instead, the focus appears to be on 'review, assess and provide remediation recommendations' to ensure consistency with policy.
- No explicit mission statement for the Application Security team specifically was found in public domains.
Security Team
- The American Red Cross security leadership includes Vikas Mahajan, who serves as Vice President & CISO, and Ronnie Strickland, the Chief Information Officer.
- The team is currently expanding its vulnerability management capabilities, as evidenced by active recruitment for Information Security Engineers.
- These roles are remote-friendly and focus on collaborating with other InfoSec engineers to assess and remediate risks.
- Key personnel identified in technical roles include Lakshmi Chaganthi, an Information Systems Security IT Analyst III.
- Specific organizational reporting lines for the AppSec team (e.g., whether they report to the CISO or CTO) are not explicitly documented in public records.
Key Initiatives
Current initiatives at the American Red Cross are heavily focused on the Vulnerability Management Process. This includes the 'release of newly identified vulnerabilities' to the organization and 'tracking progress of vulnerability remediation with responsible system owners'. The team is also involved in responding to 'cyber security incidents'. There is no public evidence of a Security Champions program, 'shift-left' IDE integrations, or specific Secure SDLC artifacts like mandatory threat modeling sessions.
Preparing for an AppSec interview?
Get the weekly briefing 2,000+ security pros trust.
Interested in this role?
Apply on LinkedIn