Application Security Manager

About The Position

Requirements

• 8+ years of experience in application security, DevSecOps, or security-focused software development
• Strong software engineering background combined with deep security expertise
• Deep understanding of web application security principles, OWASP Top 10, and CWE Top 25
• Hands-on experience performing secure code reviews in C#
• Experience building and maintaining security automation in CI/CD pipelines
• Solid understanding of Azure cloud services, infrastructure security, and deployment patterns
• Experience integrating SAST, DAST, SCA, and secret scanning tools into development workflows
• Proficiency in scripting (Python, Bash) for automation and tooling
• Extensive hands-on experience with AI-assisted and agentic development workflows, with deep expertise in their security implications; recognized for major contributions in this space and driven by strong curiosity to push the boundaries of AI in the SDLC
• Familiarity with authentication protocols such as OIDC, SAML, and OAuth
• Ability to clearly communicate security risks and trade-offs to both technical and non-technical stakeholders

Nice To Haves

• GitHub Actions preferred

Responsibilities

• Ensure security is embedded into CI/CD pipelines by delivering scalable, automated tooling and integrated security checks (SAST, DAST, SCA, secret scanning)
• Enable secure-by-default development by designing and implementing automated, policy-driven security review workflows
• Establish robust security guardrails within AI-assisted development and agent workflows to reduce risk while maintaining developer velocity
• Reduce risk exposure by proactively identifying, assessing, and driving remediation of application security vulnerabilities
• Strengthen application security posture by leading threat modeling and security assessments for new features and architectural changes
• Improve detection and response capabilities through the development of automation, tooling, and streamlined vulnerability management processes
• Elevate cloud and application security by partnering with Infrastructure SecOps to harden Azure environments and deployment practices
• Enhance external security feedback loops by contributing to and scaling the bug bounty program and vulnerability intake processes
• Writing code for security tooling, CI/CD configurations, and automated review workflows
• Designing and refining policy-based security checks in pipelines
• Building and improving guardrails for AI-assisted development and agent workflows
• Participating in architecture and design discussions with engineering teams
• Collaborating with Infrastructure SecOps on shared security initiatives
• Triaging and prioritizing security alerts and vulnerabilities
• Sharing knowledge through pairing, code reviews, and informal coaching

Benefits

• Ability to express yourself, evolve and develop your creativity in an environment that will adapt to your daily life and your needs
• Healthy and inclusive work environment