Lead Application Security Engineer
About The Position
At Apollo, we’re a global team of alternative investment managers passionate about delivering uncommon value to our investors and shareholders. With over 30 years of proven expertise across Private Equity, Credit and Real Estate, regions and industries, we’re known for our integrated businesses, our strong investment performance, our value-oriented philosophy – and our people. We are seeking a Director of Application Security to join Apollo’s global Cyber Security & Risk team within Engineering. This leader will define and drive the firm’s application security strategy—strengthening secure development practices, architecture, and runtime environments across a diverse, expanding portfolio. You will oversee the design and operation of a scalable application security program, partnering closely with engineering, security, and business teams to embed security throughout the software lifecycle.
Requirements
- 10+ years of hands-on experience in Application Security, with a strong background in software development (IDE/CLI environments).
- Bachelor’s degree in Computer Science, Information Technology, Information Security, or a related field.
- Demonstrated success partnering with software development teams to provide security oversight across complex application ecosystems.
- Proven expertise with IDEs, version control systems, CI/CD pipeline management, secure SDLC practices, and SaaS-based security tools (SCA, SAST, DAST) as well as application inventory management.
- Strong understanding of application architecture, security controls, cloud environments, and penetration testing methodologies.
- Exceptional collaboration and critical thinking skills, with the ability to operate effectively in a fast-paced, dynamic environment.
- Familiarity with leading security standards and frameworks (OWASP, NIST, ISO 27001, MITRE ATT&CK) and testing tools such as Burp Suite.
- Experience working within or alongside regulated industries (e.g., financial services) and understanding their impact on application security practices.
- Ongoing commitment to staying informed on emerging threats and trends to proactively enhance security measures.
Nice To Haves
- Experience with Snyk and GitHub is highly desirable.
- Professional certifications such as CISSP, CSSLP, CASE, GWEB, or MCSA/MCSE are strongly preferred.
Responsibilities
- Lead threat modeling for new and existing applications to identify risks, recommend mitigations, and ensure control alignment with enterprise standards.
- Guide teams in secure design principles, validate adherence to security controls, and ensure threat models inform architectural decisions.
- Define and implement secure development lifecycle (SDLC) processes and tools—including SAST, SCA, and secret scanning—and drive adoption across development teams.
- Integrate and maintain security tooling to streamline analysis, reporting, and remediation workflows throughout the software lifecycle.
- Build and sustain a security champion program, fostering developer engagement and ensuring teams understand secure coding practices and delivery expectations.
- Oversee penetration testing, code reviews, and application assessments to identify vulnerabilities and guide timely remediation.
- Establish governance frameworks to ensure compliance with internal security policies, industry standards, and regulatory requirements. Monitor, report, and continuously improve the firm’s compliance posture.
Benefits
- Discretionary annual bonus based on personal, team, and Firm performance.
- Investment in people for the long term and commitment to supporting their development at every stage of their career.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Director
