Application Security Manager

About The Position

Requirements

• 7+ years of experience in application security, including 2+ years managing security teams.
• Strong knowledge of secure coding practices in modern languages (e.g., Python, Java, JavaScript, Go).
• Experience deploying and managing AppSec tools such as SAST, DAST, SCA, IaC scanners, Application Security Posture Management (ASPM) and secrets detection tools.
• Hands-on experience in CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins, Azure DevOps).
• Solid understanding of cloud-native architectures (AWS/GCP/Azure), containers (Docker), and orchestration (Kubernetes).
• Experience with Infrastructure-as-Code (e.g., Terraform, CloudFormation) and securing DevOps pipelines.
• Familiarity with AI-driven AppSec tools for vulnerability management, threat detection, and LLM-assisted secure code review.
• Experience with LLMs (e.g., OpenAI GPT, Gemini) for code analysis, threat modeling, secure coding guidance or vibe coding.
• Understanding of prompt engineering, model fine-tuning, or integrating AI APIs into security workflows.
• Bachelor's degree in a relevant field or proven record of experience in Information Technology and Cyber Security roles.

Nice To Haves

• Experience in AI security (e.g., adversarial ML, model poisoning, AI system threat modeling).
• Experience in SAP Security, code review, vulnerability management, and threat monitoring.
• Certifications: OSCP - Offensive Security Certified Professional (Required or strong preference), GWAPT - GIAC Web Application Penetration Tester, OSWE - Offensive Security Web Expert (Preferred), CISSP - Certified Information Systems Security Professional (Preferred), GPEN - GIAC Penetration Tester (Preferred), AI/ML Certifications - e.g., Microsoft AI-102, Google Cloud ML Engineer, or similar (Bonus)

Responsibilities

• Lead the application security program with a focus on securing CI/CD pipelines, cloud-native apps, and microservices.
• Manage a team of DevSecOps engineers and security champions across development squads.
• Develop and implement scalable security tooling, static and dynamic code analysis software composition, and Software Bill of Material.
• Integrate AI and machine learning tools for threat modeling, code analysis, and anomaly detection.
• Collaborate with development, infrastructure, and product teams to ensure secure architecture and coding practices.
• Establish AppSec policies, threat modeling frameworks, and secure coding guidelines.
• Build metrics and reporting to track the effectiveness of AppSec initiatives and risk posture.
• Evaluate and implement AI-based AppSec tools and integrations within the DevSecOps toolchain.
• Lead incident response and secure code review processes for critical applications.
• Act as the primary point of contact for application security audits and compliance initiatives.

Benefits

• Health and Wellness: A range of medical, dental and vision insurance plans, as well as mental health support and wellness initiatives.
• Retirement Savings: Competitive 401(k) Plan with a generous dollar-for-dollar Company matching contribution of up to 6% of eligible pay.
• Employee Assistance Program: Confidential counseling services and resources available to all employees.
• Matching charitable donations: Corebridge matches donations to tax-exempt organizations 1:1, up to $5,000.
• Volunteer Time Off: Employees may use up to 16 volunteer hours annually.
• Paid Time Off: Eligible employees start off with at least 24 Paid Time Off (PTO) days.