Manager, Application Security

About The Position

Requirements

• Bachelor's degree in Computer Science, Engineering, or related field.
• 7+ years of professional experience in Security Management, Application Security, or ML Security.
• Proven leadership experience in IT Security and governance.
• Hands-on experience with SAST, DAST, SCA tools.
• Familiarity with secure ML lifecycle practices (MLSecOps).

Nice To Haves

• Strong understanding of secure SDLC, application security testing, and supply chain security.
• Experience with MLSecOps practices and securing AI/ML pipelines.
• Familiarity with industry frameworks: OWASP SAMM, BSIMM, SLSA, NIST SSDF.
• Experience with cloud platforms (AWS, Azure, GCP) and cloud-native security practices.
• Ability to work independently and define strategic direction without supervision.
• Excellent communication, leadership, and stakeholder management skills.
• Certifications such as CISSP, CISM, CSSLP, or equivalent are preferred.
• Experience with one or more of programming languages such as Python, Java, C#, C++, etc.

Responsibilities

• Set high-level strategy and direction for secure software development and supply chain practices.
• Establish clear expectations, goals, and success metrics.
• Collaborate with cybersecurity experts, technology teams, suppliers, and business leaders to define and enforce controls that protect enterprise assets and critical systems.
• Mentor and lead a global team of application security professionals to implement security tools for dynamic scanning, and to protect software supply chain, APIs, and AI/ML applications.
• Collaborate with Vanguard development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC).
• Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation.
• Lead secure software supply chain initiatives including SBOM generation, artifact signing and provenance, and alignment with industry standards.
• Craft and deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices.
• Define governance procedures and provide strategic recommendations on security policies for secure application and ML model development.
• Partner with platform and product teams to triage and remediate threats and vulnerabilities across web, mobile, backend, and ML systems.
• Create and maintain documentation for integrated security processes, controls, and incident response playbooks.
• Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats.
• Translate technical security strategies into business-aligned objectives for product and executive leadership.
• Establish a governance framework to benchmark program maturity and team performance.
• Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization.