Application Security Lead / Manager

About The Position

Requirements

• 7+ years of experience in Application Security, Product Security, or Security Engineering.
• Strong understanding of secure software development practices and modern application architectures.
• Experience performing threat modeling, security assessments, and code review activities.
• Hands-on experience with vulnerability management and remediation programs.
• Experience managing external penetration testing engagements.
• Deep familiarity with modern AppSec tooling and CI/CD security integration.
• Strong communication skills with the ability to influence engineering and product stakeholders.

Nice To Haves

• Experience leading or building AppSec programs in cloud-native environments.
• Knowledge of AWS, Azure, or GCP security best practices.
• Experience with DevSecOps methodologies and automation.
• Relevant security certifications such as CISSP, CSSLP, GWAPT, GWEB, or OSCP.

Responsibilities

• Own and manage the Application Security program and secure software development lifecycle (SSDLC).
• Establish, maintain, and continuously improve application security standards, policies, and procedures.
• Ensure security requirements are integrated into engineering roadmaps and development processes.
• Conduct technical security reviews and application security assessments.
• Lead threat modeling initiatives across products and platforms.
• Identify architectural and design-level security risks and partner with engineering teams on mitigation strategies.
• Drive the end-to-end vulnerability management lifecycle for applications and services.
• Establish remediation priorities and accountability across engineering teams.
• Track, report, and improve vulnerability remediation performance and risk reduction metrics.
• Manage external penetration testing engagements and red team activities.
• Coordinate findings validation, remediation planning, and closure activities.
• Ensure testing results are translated into actionable security improvements.
• Oversee implementation and optimization of application security tooling, including: SAST, DAST, Software Composition Analysis (SCA), Secrets detection, Infrastructure-as-Code scanning.
• Integrate security controls and automated testing into CI/CD pipelines.
• Continuously improve security gates while maintaining developer productivity.
• Serve as the primary security partner to Engineering leadership.
• Drive security awareness and secure coding practices across development teams.
• Build scalable processes that enable engineers to identify and address security issues efficiently.
• Promote a culture of shared security ownership.

Benefits

• Competitive salary
• Hybrid work environment (3 days in office per week)
• 100% individual and dependent medical + dental + vision coverage
• 401(K) with a 4% company match
• 20 days PTO
• Iru Wellness Week the first week in July
• Equity for full-time employees
• In-office lunch stipend provided
• Up to 16 weeks of paid leave for new parents
• Paid Family and Medical Leave
• Modern Health mental health benefits for individuals and dependents
• Fertility benefits
• Working Advantage employee discounts
• Onsite fitness center
• Free parking
• Exciting opportunities for career growth