Manager - Application Security

Job Description About the Role: We are seeking an experienced and technically strong Application Security Manager to lead and mature our application security program. The ideal candidate will have 5 - 8 years of relevant experience, a deep understanding of secure software development, and the ability to work independently while collaborating with cross-functional teams. You will be responsible for integrating security into the software development lifecycle, managing application security initiatives, and enabling secure innovation across the organization. Responsibilities Program Leadership: - Lead and manage the application security program, aligning with the overall security strategy and business objectives. Secure SDLC Integration - Integrate security tools, standards, and processes into the product lifecycle (SDLC, CI/CD), ensuring security is embedded from design through deployment. Security Assessments & Testing - Oversee and conduct application security assessments, including static and dynamic analysis, manual and automated penetration testing, and code reviews. Vulnerability Management - Manage the process for identifying, prioritizing, and remediating application vulnerabilities in collaboration with engineering and product teams. Threat Modeling & Risk Analysis - Lead threat modeling and risk analysis activities for new and existing applications, ensuring security requirements are defined and addressed early in the development process. Policy & Standards Development - Develop, maintain, and improve secure development standards, policies, and guidelines; ensure compliance with regulatory and industry standards (e.g., PCI, SOX, ISO27001). Incident Response Support - Provide application security expertise during incident response and architecture review processes as needed. Training & Awareness - Train and mentor developers, QA, and other stakeholders on secure coding practices, secure design, and emerging threats. Metrics & Reporting - Produce and communicate metrics and reports on the state of application security, including program effectiveness and development team performance against security requirements. Vendor & Third-Party Security - Support vendor security reviews to ensure third-party software and services meet organizational security standards. Desired Candidate Profile - 5 - 8 years of experience in application security, software development, or related roles, with a strong track record managing or leading application security programs. - Deep understanding of common application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and application security testing methodologies. - Hands-on experience with security tools such as SAST, DAST, IAST, SCA, and penetration testing frameworks. - Proficiency in at least one major programming language (e.g., Java, C/C++, JavaScript) and familiarity with modern development and testing tools (e.g., Git, JIRA, Maven). - Experience integrating security into agile and waterfall development processes. - Strong leadership, communication, and stakeholder management skills, with the ability to influence and educate both technical and non-technical audiences. - Experience with regulatory and industry standards (PCI, SOX, ISO27001, etc.). - Ability to translate security and risk concepts into actionable requirements for diverse audiences. Preferred Qualifications - Relevant certifications (e.g., CISSP, CISM, OSCP, CSSLP, SANS GIAC) - Experience managing budgets and multi-year roadmaps for security initiatives - Background in highly regulated industries (e.g., financial services) is a plus. - Experience with cloud-native application security and DevSecOps practices. About Liminal Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 & 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore,Taiwan , India, and UAE. The company has received an initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies. Our website - https://www.liminalcustody.com/