Sr. Manager, Application Security

PayNearMe | Santa Clara, CA
20h | $200,000 - $230,000

About The Position

We are seeking a Sr. Manager, Application Security to lead and mature our Application Security program across a complex environment consisting of both a Ruby-based monolith and distributed Go microservices. This leader will be responsible for building, scaling, and operationalizing secure development practices that integrate seamlessly into our CI/CD pipelines and Agile delivery model. This role will oversee application security reviews, threat modeling, secure code practices, and optimization of SAST/SCA tooling to ensure meaningful, actionable insights for Engineering leadership. The ideal candidate combines strong technical depth with strategic leadership and the ability to drive security outcomes in a fast-moving fintech environment.

Requirements

  • 8+ years of experience in Application Security or Secure Software Engineering.
  • 3+ years leading or managing technical security teams.
  • Strong hands-on experience with:
      • Ruby (Rails) application security
      • Go (Golang) application security
  • Deep knowledge of:
      • Secure SDLC practices
      • Threat modeling methodologies (e.g., STRIDE, attack trees)
      • SAST and SCA tools and rule tuning
      • OWASP Top 10 and API Security Top 10
  • Experience integrating security tools into CI/CD pipelines.
  • Familiarity with cloud-native application security in AWS environments.
  • Strong understanding of microservices security patterns (service-to-service auth, token handling, API gateways, etc.).
  • Strong communicator capable of influencing senior engineering leaders.

Nice To Haves

  • Experience in fintech, payments, or other regulated environments.
  • Knowledge of PCI DSS and SOC 2 security expectations.
  • Experience with container security and Kubernetes-based deployments.
  • Experience building security metrics and executive-level reporting.
  • Passionate about mentoring engineers and raising secure coding maturity.

Responsibilities

  • Lead the Application Security team, including hiring, mentoring, and performance management.
  • Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
  • Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
  • Oversee security design reviews and code security reviews across:
      • Go-based microservices
      • Ruby-based monolith applications
  • Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
  • Own and continuously improve the organization’s threat modeling framework and ensure it’s embedded in new feature development and architectural changes.
  • Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
  • Drive meaningful reporting dashboards for Development and Engineering leadership.
  • Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
  • Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.

Benefits

  • Competitive salary and benefits with growth-company options grant
  • Fast-paced and professional work culture
  • Stock options with standard startup vesting - 1 year cliff; 4 years total
  • $50 monthly communication expense stipend to go towards your phone/internet bill
  • $250 stipend to enhance your WFH setup
  • Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
  • Premium medical benefits including vision and dental (100% coverage for employees)
  • Company-sponsored life and disability insurance
  • Paid parental bonding leave
  • Paid sick leave, jury duty, bereavement
  • 401k plan
  • Flexible Time Off (our team members typically take off ~3-4 weeks per year)
  • Volunteer Time Off
  • 13 scheduled holidays