Manager, Application Security

Guild Mortgage•,

19h•$124,139 - $181,553•Onsite

About The Position

The Application Security Manager at Guild Mortgage will lead our application security program, protect our software development lifecycle, and partner with engineering teams to build security into every product we create. They will set secure development standards, conduct secure code reviews, and integrate security into our CI/CD pipelines. Their expertise in vulnerability management will be essential for identifying, triaging, and resolving application vulnerabilities through both automated tools and manual testing. They’ll lead Shift Left initiatives, guiding software engineering teams in implementing robust security measures. As the application security Subject Matter Expert (SME), they will support developers in reproducing vulnerabilities, understanding their risks, and applying effective mitigations. Collaboration is key—they will work closely with product, engineering, DevOps, and compliance teams to design secure applications from the outset and align security practices with business goals. They will also partner with the incident response team to investigate and resolve application-related security incidents.

Requirements

A combination of education and experience may be considered in lieu of the Bachelor’s degree.
Degree in Computer Science, Cybersecurity, Information Technology, related field, or equivalent professional experience demonstrating comparable expertise.
Minimum seven years experience in application security, software development, or related security engineering roles.
Minimum three years supervisory or leadership experience.
Demonstrated knowledge of secure coding principles, OWASP vulnerabilities, and threat modeling methodologies.
Proficiency with application security tools including SAST, DAST, and software composition analysis platforms.
Strong communication skills – equally comfortable presenting risk to executive or walking engineers through code fixes.
Excellent verbal and written communication skills required.
Highly organized and detail-oriented; ability to work in a fast-paced, metrics-driven environment required.
Proficiency in Microsoft Office Suite, Word, Excel, Wiki, collaborative cloud-based programs, and third-party software applications required.
Commitment to company values.
Customer Service - Proactive attention to each person.
Integrity - Do and say what's right.
Respect - Treat others with dignity.
Collaboration - Listen and work together.
Learning - Seek knowledge and strive for improvement.
Excellence – Deliver the unexpected.

Nice To Haves

Bachelors Degree directly related to the position or equivalent, preferred.

Responsibilities

Develop and execute application security strategy, including threat modeling, secure code review practices, and vulnerability management.
Establish and maintain secure software development lifecycle practices and standards across all engineering teams.
Oversee vulnerability management programs including triage, remediation tracking, and executive reporting.
Manage the application security tool portfolio including SAST, DAST, and software composition analysis platforms.
Lead threat modeling and architectural security reviews for critical systems and new initiatives.
Coordinate third-party security assessments, penetration testing, and code reviews.
Drive security awareness and training programs tailored to developer and architect audiences.
Establish KPIs and executive dashboards to communicate application security posture and risk trends.
Partner with Engineering, DevOps, and Product leadership to embed security into CI/CD pipelines and release processes.
Define and enforce application security policies, standards, and control frameworks.
Evaluate and response to emerging threats, CVEs, and industry developments relevant to application security.
Lead, mentor, and grow a team of application security engineers.