Senior Manager, Security Engineering

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology or equivalent education and experience.
• 8+ years of experience in information security, application security, or related engineering fields.
• At least 5 years of experience leading or mentoring security engineers or software engineers, including responsibility for prioritization, execution, and delivery of work.
• Hands-on experience designing, implementing, or operating application security practices within a software development lifecycle
• Demonstrated experience leading or facilitating threat modeling for modern application architectures.
• Experience owning, operating, or scaling security tooling in production environments, including responsibility for reliability, effectiveness, and integration into engineering workflows.
• Experience partnering with engineering and product teams to embed security into delivery processes rather than operating as a separate control function.
• Application security expertise, including secure SDLC practices, vulnerability management, and design-level risk identification.
• Strong understanding of threat modeling methodologies and the ability to apply them pragmatically within engineering workflows.
• Ability to operate and evaluate security tooling with a focus on effectiveness, signal quality, and integration into engineering processes.
• Strong people leadership skills, including coaching, feedback, and development of security engineers.
• Ability to translate ambiguous security and business goals into clear plans, priorities, and measurable outcomes.
• Strong execution and project management skills, including roadmap planning, prioritization, and delivery tracking
• Excellent written and verbal communication skills, with the ability to explain security risk and tradeoffs to both technical and non-technical audiences.
• Strong judgment and risk-based decision-making capabilities.

Nice To Haves

• Experience as a formal people manager with direct reports, including hiring, performance management, coaching, and career development.
• Experience building or scaling an application security or product security function in a growing organization.
• Experience defining and owning security engineering roadmaps and delivery commitments.
• Experience operating in regulated or high-compliance environments such as healthcare, financial services, PCI, or HIPAA.
• Experience working in cloud-native or SaaS environments.
• Demonstrated experience optimizing developer experience and adoption of security tooling at scale.
• Experience defining and operationalizing security metrics to measure program effectiveness and risk reduction.
• Experience leading security initiatives in complex or regulated environments.
• Formal security certifications such as CISSP, CSSLP, AWS Security Specialty, or equivalent practical experience.

Responsibilities

• Own the strategy, execution, and continuous improvement of the application security program.
• Ensure secure development practices are embedded into SDLC workflows.
• Partner with engineering and product teams to balance risk reduction with delivery velocity.
• Drive consistency in how AppSec guidance and controls are applied across teams and products.
• Own the operational health, effectiveness, and adoption of security tools such as SAST, DAST, SCA, and secrets scanning.
• Ensure tooling is reliable, well-integrated, and delivering high signal-to-noise outcomes.
• Drive backlog prioritization for tooling improvements, automation, and integration.
• Measure and improve tool performance, coverage, and developer experience.
• Establish and scale threat modeling practices across engineering teams.
• Ensure threat modeling is practical, repeatable, and aligned with real delivery workflows.
• Coach engineers on identifying and mitigating architectural and design-level risks.
• Ensure outputs translate into actionable engineering and security improvements.
• Deep collaboration with the Security Architecture Team.
• Build, lead, and develop a high-performing security engineering team.
• Provide regular coaching, feedback, and career development support.
• Create clarity of ownership while enabling autonomy within guardrails.
• Foster an inclusive, accountable, and execution-focused team culture.
• Define and own meaningful security engineering metrics including coverage, findings, remediation SLAs, and tooling health.
• Track and report progress against commitments for the application security and tooling roadmap.
• Manage project delivery for the security engineering vertical.
• Translate ambiguous goals into clear plans, priorities, and outcomes.

Benefits

• United States Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution
• 401(k): ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep.
• Generous Paid Time Off and Paid Parental Leave programs
• Company paid Life and Disability benefits
• Flexible Spending Account, and Employee Assistance Programs
• Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed
• Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning
• Global presence and in-person collaboration opportunities; dog-friendly HQ (US)
• Hybrid office-based roles and remote availability for some roles
• Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters.