Manager - Application Security

About the Role:
We are seeking an experienced and technically strong Application Security Manager to lead and mature our application security program. The ideal candidate will have 5 - 8 years of relevant experience, a deep understanding of secure software development, and the ability to work independently while collaborating with cross-functional teams. You will be responsible for integrating security into the software development lifecycle, managing application security initiatives, and enabling secure innovation across the organization.

Responsibilities
Program Leadership:

• Lead and manage the application security program, aligning with the overall security strategy and business objectives.

Secure SDLC Integration

• Integrate security tools, standards, and processes into the product lifecycle (SDLC, CI/CD), ensuring security is embedded from design through deployment.

Security Assessments & Testing

• Oversee and conduct application security assessments, including static and dynamic analysis, manual and automated penetration testing, and code reviews.

Vulnerability Management

• Manage the process for identifying, prioritizing, and remediating application vulnerabilities in collaboration with engineering and product teams.

Threat Modeling & Risk Analysis

• Lead threat modeling and risk analysis activities for new and existing applications, ensuring security requirements are defined and addressed early in the development process.

Policy & Standards Development

• Develop, maintain, and improve secure development standards, policies, and guidelines; ensure compliance with regulatory and industry standards (e.g., PCI, SOX, ISO27001).

Incident Response Support

• Provide application security expertise during incident response and architecture review processes as needed.

Training & Awareness

• Train and mentor developers, QA, and other stakeholders on secure coding practices, secure design, and emerging threats.

Metrics & Reporting

• Produce and communicate metrics and reports on the state of application security, including program effectiveness and development team performance against security requirements.

Vendor & Third-Party Security

• Support vendor security reviews to ensure third-party software and services meet organizational security standards.

Desired Candidate Profile

• 5 - 8 years of experience in application security, software development, or related roles, with a strong track record managing or leading application security programs.
• Deep understanding of common application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and application security testing methodologies.
• Hands-on experience with security tools such as SAST, DAST, IAST, SCA, and penetration testing frameworks.
• Proficiency in at least one major programming language (e.g., Java, C/C++, JavaScript) and familiarity with modern development and testing tools (e.g., Git, JIRA, Maven).
• Experience integrating security into agile and waterfall development processes.
• Strong leadership, communication, and stakeholder management skills, with the ability to influence and educate both technical and non-technical audiences.
• Experience with regulatory and industry standards (PCI, SOX, ISO27001, etc.).
• Ability to translate security and risk concepts into actionable requirements for diverse audiences.

Preferred Qualifications

• Relevant certifications (e.g., CISSP, CISM, OSCP, CSSLP, SANS GIAC)
• Experience managing budgets and multi-year roadmaps for security initiatives
• Background in highly regulated industries (e.g., financial services) is a plus.
• Experience with cloud-native application security and DevSecOps practices.

About Liminal
Liminal is a compliant and insured digital asset custody and wallet infrastructure provider. Launched in April 2021, Liminal Custody is a CCSS Level 3, SOC Type 2, and ISO 27001 & 27701 certified organization. Based in Singapore, Liminal has operations spread across APAC, MENA, and Europe, along with offices in Singapore,Taiwan , India, and UAE. The company has received an initial approval from VARA. Liminal takes pride in supporting businesses with its qualified and insured custody (self and institutional) that enables stress-free safekeeping of digital assets for institutions. It also provides a cutting-edge wallet infrastructure platform that is secure, compliant, and automated and comes with a plug-and-play architecture for faster onboarding of developers, business partners, and government agencies.

Our website -