Manager, Application Security Team

Bonterra
Posted 22 days ago
$134,000 - $180,000

About The Position

We're looking for a hands-on security engineering leader to build and lead our application security team. You'll work across our portfolio of 7+ products, turning vulnerability findings into fixed code and secure patterns. This role reports to the SVP of Engineering. This isn't a pure management position - you'll write code, review pull requests, and architect security solutions alongside your team. We expect AI-augmented engineers to deliver at 5-10x the velocity of traditional development; you and your team will operate at that pace.

Requirements

AI-first
  • Expert-level proficiency with AI coding tools (Copilot, Claude, Cursor, agentic workflows); you ship at high velocity and drive your team to do the same

Essential
  • Strong background in application security, secure software development, and security design principles, such as:
      • Experience with common security scanning tools (SAST, DAST, SCA) and understanding their limitations
      • Background in penetration testing or red team work
      • Familiarity with compliance frameworks (SOC2, PCI-DSS, HIPAA)
      • Contributions to security open source projects or published security research
      • Degree in computer science, cybersecurity, or related field with security focus
  • Proven ability to find and fix vulnerabilities across multiple languages and frameworks
  • Comfortable context-switching between hands-on coding and people management

Leadership Skills
  • Track record of mentoring and developing security engineers
  • Ability to communicate security risks and trade-offs to both technical and non-technical audiences
  • Experience prioritizing competing demands from multiple stakeholders
  • Collaborative approach - build bridges with product teams and other functions

Responsibilities

Lead Application Security Team
  • Manage a team of 3-5 security engineers focused on vulnerability remediation across multiple products
  • Triage and prioritize security findings from our scanning and penetration testing teams
  • Own the end-to-end process from vulnerability identification to verified fix
  • Build relationships with product engineering teams to coordinate remediation work without disrupting roadmaps

Do the Work
  • Personally fix complex security vulnerabilities across different codebases and tech stacks
  • Design and build secure libraries and components that product teams can adopt
  • Conduct security-focused code reviews and establish secure coding patterns

Raise the Security Bar
  • Define and maintain secure coding standards for AI-assisted development, addressing risks specific to LLM-generated code
  • Develop remediation playbooks for common vulnerability classes
  • Partner with the security scanning team to improve detection accuracy and reduce false positives
  • Establish metrics to track remediation velocity, fix quality, and regression rates
  • Drive security awareness through documentation and training

Support Compliance
  • Ensure remediation work meets requirements for SOC2, PCI, and other applicable frameworks
  • Provide evidence and documentation for audits and compliance reviews
  • Help translate compliance requirements into actionable engineering work