Manager Application Security

About The Position

Requirements

• 10 plus years of cybersecurity experience with a strong focus on application security
• 5 plus years of people or program leadership experience operating an application security program in an enterprise environment
• Deep understanding of application security risks, including OWASP Top 10 and API security threats
• Hands on experience with modern SDLC, CI CD, and DevSecOps practices
• Experience implementing and managing application security testing tools and processes
• Ability to assess application architecture, design patterns, and authentication and authorization models
• Strong experience partnering with engineering teams to drive secure by design outcomes
• Excellent written and verbal communication skills, including executive level reporting
• Proven ability to influence engineering, product, risk, and compliance stakeholders

Nice To Haves

• Experience in highly regulated industries such as financial services or healthcare
• Familiarity with cloud native and microservices based architectures
• Experience with API security platforms and runtime visibility tools
• Background in penetration testing or threat modeling
• Experience defining application security metrics, KPIs, and maturity models

Responsibilities

• Lead the enterprise application security program across web, API, and mobile platforms
• Define and execute the application security vision, strategy, and roadmap aligned to business and risk objectives
• Establish and enforce application security standards, secure coding practices, and control requirements
• Partner with engineering leadership to embed security into architecture, design, and delivery decisions
• Oversee integration of application security testing tools, including SAST, DAST, and SCA, into CI CD pipelines
• Lead application security assessments and risk based remediation planning
• Provide threat informed guidance to engineering teams on high risk vulnerabilities and design patterns
• Collaborate with vulnerability management, cloud security, and infrastructure teams to drive cohesive risk reduction
• Establish governance, metrics, and reporting to measure application security maturity and effectiveness
• Represent application security in audit, regulatory, and risk management engagements
• Translate technical security risks into clear, business relevant insights for senior leaders
• Build, mentor, and develop application security engineers and subject matter experts
• Continuously improve tooling, automation, and processes to scale AppSec capabilities efficiently

Benefits

• competitive pay
• comprehensive medical, dental, and vision coverage
• retirement benefits
• maternity and paternity leave
• flexible work arrangements
• education reimbursement
• wellness programs
• paid time off policy exceeds the mandatory paid sick or paid time away policies of local and state jurisdictions in the United States