Application Security Manager

At Pearson, we are the world's learning company with over 24,000 employees across 70 countries. Our mission is to combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalised learning at scale. We believe that wherever learning flourishes, so do people.

In this exciting and fast-paced role, you will lead the design, implementation, and continuous improvement of Pearson's global Application Security program, with a strong focus on technical enablement and automation. As an Application Security Manager, you'll operate at the intersection of security engineering, DevSecOps, and cloud-native development, helping secure a diverse portfolio of hundreds of applications built across AWS, Azure, and GCP.

You'll work closely with engineering, DevOps, SRE, and product teams to embed security into every stage of our CI/CD pipelines, ensuring that security is scalable, automated, and aligned with Pearson's rapid adoption of AI-driven technologies.

What You'll Do

• Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development.
• Manage the local application security team and align them with the broader goals of the global Application Security organization.
• Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
• Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
• Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture.
• Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models.
• Translate security requirements into actionable tooling, architecture, and secure coding practices.
• Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software.
• Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring

• Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps.
• Solid development background — ideally in Java and JavaScript.
• Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection).
• Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles.
• Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM).
• Experience supporting and securing modern application architectures including containers and microservices.
• Familiarity with OWASP Top 10, threat modeling, and secure design patterns.
• Exceptional communication and cross-functional collaboration skills; you're comfortable working across Dev, Ops, and Security organizations.
• Experience mentoring or managing a team and running security champion initiatives is a big plus.
• Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.

Who We Are
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.

Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing

Job:
Security

Job Family:
TECHNOLOGY

Organization:
Corporate Strategy & Technology

Schedule:
PART_TIME

Workplace Type:
Hybrid

Req ID:
20642