Application Security Manager

About the Role:
Liminal is
seeking an experienced and technically strong Application Security Manager to lead and mature our application security program. The ideal candidate will have 7–10 years of relevant experience, a deep understanding of secure software development, and the ability to work independently while collaborating with cross-functional teams. You will be responsible for integrating security into the software development lifecycle, managing application security initiatives, and enabling secure innovation across the organization.

Responsibilities:

Program Leadership:

• Lead and manage the application security program, aligning with the overall security strategy and business objectives.

Secure SDLC Integration:

• Integrate security tools, standards, and processes into the product lifecycle (SDLC, CI/CD), ensuring security is embedded from design through deployment.

Security Assessments & Testing:

• Oversee and conduct application security assessments, including static and dynamic analysis, manual and automated penetration testing, and code reviews.

Vulnerability Management:

• Manage the process for identifying, prioritizing, and remediating application vulnerabilities in collaboration with engineering and product teams.

Threat Modeling & Risk Analysis:

• Lead threat modeling and risk analysis activities for new and existing applications, ensuring security requirements are defined and addressed early in the development process.

Policy & Standards Development:

• Develop, maintain, and improve secure development standards, policies, and guidelines; ensure compliance with regulatory and industry standards (e.g., PCI, SOX, ISO27001).

Incident Response Support:

• Provide application security expertise during incident response and architecture review processes as needed.

Training & Awareness:

• Train and mentor developers, QA, and other stakeholders on secure coding practices, secure design, and emerging threats.

Metrics & Reporting:

• Produce and communicate metrics and reports on the state of application security, including program effectiveness and development team performance against security requirements.

Vendor & Third-Party Security:

• Support vendor security reviews to ensure third-party software and services meet organizational security standards.

Desired Candidate Profile:

• 7–10 years of experience in application security, software development, or related roles, with a strong track record managing or leading application security programs.
• Deep understanding of common application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and application security testing methodologies.
• Hands-on experience with security tools such as SAST, DAST, IAST, SCA, and penetration testing frameworks.
• Proficiency in at least one major programming language (e.g., Java, C/C++, JavaScript) and familiarity with modern development and testing tools (e.g., Git, JIRA, Maven).
• Experience integrating security into agile and waterfall development processes.
• Strong leadership, communication, and stakeholder management skills, with the ability to influence and educate both technical and non-technical audiences.
• Experience with regulatory and industry standards (PCI, SOX, ISO27001, etc.).
• Ability to translate security and risk concepts into actionable requirements for diverse audiences.

Preferred Qualifications:

• Relevant certifications (e.g., CISSP, CISM, OSCP, CSSLP, SANS GIAC)
• Experience managing budgets and multi-year roadmaps for security initiatives
• Background in highly regulated industries (e.g., financial services) is a plus.
• Experience with cloud-native application security and DevSecOps practices
  .