Senior Manager, Application Security

Simpson Thacher & Bartlett LLP, New York, NY
Hybrid

About The Position

The Senior Manager, Application Security is responsible for defining, leading, and operationalizing the firm’s application security program across internally developed applications, SaaS platforms, APIs, databases, generative AI platforms, and emerging application architectures. This role partners closely with application engineering, cloud, and platform teams to embed security into the software development lifecycle while enabling teams to deliver securely at scale. The ideal candidate is a highly skilled, hands-on technical leader who can translate security requirements into practical developer workflows while enabling rapid and reliable software delivery.

Requirements

  • Bachelor’s degree in information security, IT, risk management, related discipline, or equivalent experience
  • 10+ years of progressive experience in application security, product security, or software security engineering roles
  • Hands-on experience securing modern application ecosystems, including web applications, APIs, microservices, cloud-native workloads, container, and Kubernetes platforms
  • Demonstrated success building, scaling, and operating enterprise-grade Application Security programs within large, complex organizations, preferably in hybrid environments (on-premises, multi-cloud, Kubernetes, and SaaS).
  • Experience partnering with application, DevOps, and platform engineering teams to design and implement security controls that scale without impeding developer velocity.
  • Hands‑on experience implementing and operationalizing enterprise application security tooling and integrating controls into CI/CD pipelines and developer workflows.
  • Secure SDLC principles and DevSecOps integration patterns
  • Application security testing methodologies and tooling (SAST, DAST, SCA, API testing)
  • Container security concepts, including image hardening, vulnerability scanning, secure registries, and container lifecycle management.
  • Cloud-native application security concepts
  • Software supply chain security principles
  • Security automation and scripting (Python, PowerShell, or similar)
  • CI/CD security integration patterns
  • Demonstrated ability to lead, mentor, and develop high‑performing application security or product security engineering teams.
  • Strong program and project management capabilities, with a track record of delivering complex, cross‑functional initiatives on time and within budget.
  • Experience operating within global organizations and collaborating effectively across diverse geographies, cultures, and business units.
  • Proven ability to manage third‑party vendors and security technology providers, including evaluation, onboarding, delivery oversight, and performance management.
  • Strong interpersonal and collaboration skills, with comfort engaging regularly with senior leadership and key internal and external stakeholders.
  • Excellent executive communication and presentation skills, with the ability to clearly articulate risk, strategy, and technical concepts to both technical and non-technical audiences.
  • Strong ability to manage multiple concurrent priorities, exercise sound judgment, and effectively allocate time and resources in a fast‑paced environment.
  • Proven ability to execute effectively amid ambiguity and incomplete information, applying risk‑based decision‑making.
  • Demonstrated continuous learning mindset, staying current on emerging technologies, security threats, vulnerabilities, and attack vectors.
  • Passion for innovation, automation, and driving continuous improvement in application security processes.

Nice To Haves

  • Professional certifications such as CISSP, CISM, or similar

Responsibilities

  • Develop, execute, and continuously mature the enterprise application security strategy in alignment with industry best practices, regulatory requirements, and client contractual obligations.
  • Define and maintain secure application development standards for internally developed software, third-party applications, APIs, SaaS platforms and containerized workloads.
  • Establish minimum security requirements for application authentication, authorization, encryption, secrets handling, and data protection.
  • Define, maintain, and enforce secure SDLC and DevSecOps standards across all development teams.
  • Integrate application security controls into CI/CD pipelines, developer platforms, and engineering workflows with a focus on automation and scalability.
  • Partner with Application Engineering and DevOps teams to embed automated security testing and preventive controls while maintaining security ownership of policy and enforcement.
  • Evaluate, select, implement, and manage the full lifecycle of application security tooling, including:
      ◦ SAST, DAST, SCA, and API security testing platforms
      ◦ Container image scanning and registry security tooling
      ◦ Kubernetes security and runtime protection solutions
      ◦ Software supply chain security tooling
  • Design and implement integrations between application security tooling and developer workflows to minimize friction and maximize adoption.
  • Design and build automation to support application security processes, including:
      ◦ Orchestrated automated security testing
      ◦ Vulnerability triage and prioritization workflows
      ◦ Developer feedback loops and ticketing system integrations
      ◦ Exception handling, risk acceptance, and policy waiver workflows
      ◦ Security metrics and pipeline telemetry
  • Identify and assess application security risks including vulnerable dependencies, insecure authentication patterns, data exposure risks, and insecure configuration.
  • Perform and support threat modeling, architecture reviews, and secure design assessments for high-risk or business-critical applications.
  • Support the security review, onboarding, and ongoing risk management of third-party and SaaS applications.
  • Develop and maintain metrics, dashboards, and reporting to measure application security posture, testing coverage, and vulnerability remediation effectiveness.
  • Provide application security subject matter expertise during security incidents, investigations, and post-incident remediation efforts.
  • Lead, mentor, and develop a team of application security engineers, fostering strong technical depth and career growth.
  • Partner with engineering leadership to drive secure-by-design development practices and shared accountability for risk reduction.
  • Communicate application security risks, tradeoffs, and recommendations clearly to both technical and executive stakeholders.
  • Promote a developer-friendly security culture focused on automation, guardrails, measurable risk reduction, and engineering velocity.
  • Stay current on emerging application threats, attack techniques, and defensive technologies, and apply this knowledge to continuously improve program effectiveness.

Benefits

  • Salary Information (NY only): The estimated base salary range for this position is $190,000 to $220,000 at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and, if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt, meaning it is not overtime pay eligible.