Lead Application Security Engineer

Apollo Management Holdings•New York City, NY

15d

About The Position

At Apollo, we’re a global team of alternative investment managers passionate about delivering uncommon value to our investors and shareholders. With over 30 years of proven expertise across Private Equity, Credit and Real Estate, regions and industries, we’re known for our integrated businesses, our strong investment performance, our value-oriented philosophy – and our people. We are seeking a Director of Application Security to join Apollo’s global Cyber Security & Risk team within Engineering. This leader will define and drive the firm’s application security strategy—strengthening secure development practices, architecture, and runtime environments across a diverse, expanding portfolio. You will oversee the design and operation of a scalable application security program, partnering closely with engineering, security, and business teams to embed security throughout the software lifecycle. The ideal candidate is a collaborative, strategic thinker who fosters open communication, empowers teams, and drives measurable outcomes. This is an opportunity to make a meaningful impact within a global cybersecurity organization that is investing deeply in its people, processes, and technology.

Requirements

10+ years of hands-on experience in Application Security, with a strong background in software development (IDE/CLI environments).
Bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field.
Demonstrated success partnering with software development teams to provide security oversight across complex application ecosystems.
Proven expertise with IDEs, version control systems, CI/CD pipeline management, secure SDLC practices, and SaaS-based security tools (SCA, SAST, DAST) as well as application inventory management.
Strong understanding of application architecture, security controls, cloud environments, and penetration testing methodologies.
Exceptional collaboration and critical thinking skills, with the ability to operate effectively in a fast-paced, dynamic environment.
Familiarity with leading security standards and frameworks (OWASP, NIST, ISO 27001, MITRE ATT&CK) and testing tools such as Burp Suite.
Experience working within or alongside regulated industries (e.g., financial services) and understanding their impact on application security practices.
Ongoing commitment to staying informed on emerging threats and trends to proactively enhance security measures.

Nice To Haves

Experience with Snyk and GitHub is highly desirable.
Professional certifications such as CISSP, CSSLP, CASE, GWEB, or MCSA/MCSE are strongly preferred.

Responsibilities

Application Threat Modeling: Lead threat modeling for new and existing applications to identify risks, recommend mitigations, and ensure control alignment with enterprise standards.
Application Design & Architecture: Guide teams in secure design principles, validate adherence to security controls, and ensure threat models inform architectural decisions.
Secure SDLC Development & Implementation: Define and implement secure development lifecycle (SDLC) processes and tools—including SAST, SCA, and secret scanning—and drive adoption across development teams.
Operationalization of Security Tools: Integrate and maintain security tooling to streamline analysis, reporting, and remediation workflows throughout the software lifecycle.
Application Security Awareness & Enablement: Build and sustain a security champion program, fostering developer engagement and ensuring teams understand secure coding practices and delivery expectations.
Application Security Testing: Oversee penetration testing, code reviews, and application assessments to identify vulnerabilities and guide timely remediation.
Governance, Risk, and Compliance: Establish governance frameworks to ensure compliance with internal security policies, industry standards, and regulatory requirements. Monitor, report, and continuously improve the firm’s compliance posture.