Application Security Engineering Manager

About The Position

Requirements

• Bachelor's degree in Computer Science, Engineering, or related field.
• 7+ years of professional experience in Security Management, Application Security.
• Proven people leadership experience in Application Security Engineering.
• Hands-on experience with application development (Java, Python, etc.).
• Deep expertise in application security methodologies such as SAST, DAST, SCA, etc.

Nice To Haves

• Strong understanding of Secure SDLC, application security engineering, and AWS cloud.
• Strong experience with application development (Java, Python, etc.).
• Familiarity with industry frameworks: OWASP, NIST SSDF.
• Ability to work independently and define strategic direction.
• Excellent communication, leadership, and stakeholder management skills.
• Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred.

Responsibilities

• Set high-level strategy and direction for scanning orchestration and operational practices, while establishing clear expectations, goals, and success metrics.
• Lead and mentor a global team of application security engineers to build and efficiently manage scanning orchestration platform to efficiently identify security vulnerabilities.
• Collaborate with Vanguard development teams and stakeholders to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC).
• Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation.
• Work closely with Application security teams and leadership to bring application security scanning close to developers to enhance developer experience and reduce risk for the organization.
• Continuously evaluate Vanguard's application security scanning requirements, propose solutions, and work with leadership to bridge those gaps to protect Vanguard applications.
• Define and implement strategy to achieve 100% application code scanning to detect security vulnerabilities.
• Act as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security program.
• Identify opportunities to automate the Application Security Scanning processes and guide the team to improve efficiency and achieve scalability.
• Deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices.
• Create and maintain documentation for integrated security processes, controls, and incident response playbooks.
• Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats.
• Translate technical security strategies into business-aligned objectives for product and executive leadership.
• Establish a governance framework to benchmark program maturity and team performance.
• Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization.
• Help and guide the AppSec Engineering team towards technology initiatives such as AI/ML scanning, software-supply-chain, Unified Vulnerability Management platform, etc.