Senior Application Security Manager

Job Summary:
We are seeking a highly experienced and strategic-minded Senior Manager of Application Security to lead our security initiatives. The ideal candidate will be a seasoned leader with a deep understanding of application security, vulnerability management, and secure software development lifecycle (SDLC) best practices. You will be responsible for building, managing, and scaling our application security program across multiple product lines, ensuring our systems are robust, secure by design, and compliant with all relevant industry standards. This role requires a blend of technical expertise, leadership, and strategic vision

Responsibilities:

• Strategic Program Leadership:

• Develop and execute a comprehensive application security strategy that aligns with business objectives and product roadmaps.
• Build, lead, and mentor a high-performing team of application security engineers and DevSecOps professionals.
• Define and enforce application security policies, standards, and procedures across the organization.

• Security Integration & Automation:

• Oversee the integration of security tools (SAST, DAST, SCA, vulnerability scanners) into the CI/CD pipelines, leveraging both paid and open-source solutions.
• Champion the use of automation to streamline security testing and provide continuous feedback to development teams.
• Direct the development and maintenance of scripts and automation frameworks (e.g., Python, Bash) to orchestrate and scale security tool usage across the enterprise.

• Vulnerability Management & Remediation:

• Establish and manage a robust vulnerability management program, including a formal process for handling client-reported vulnerabilities and penetration test findings.
• Provide expert-level guidance and architectural solutions for complex security vulnerabilities.
• Define and enforce service-level agreements (SLAs) for vulnerability remediation based on severity and business impact, ensuring critical and high-priority issues are fixed promptly.

• Tracking, Reporting, and Audits:

• Implement and manage a centralized system to track all open vulnerabilities (VAs) across the entire product portfolio.
• Generate executive-level reports and dashboards on the company's application security posture for senior leadership and board members.
• Lead and coordinate internal and external security audits, assessments, and compliance initiatives.

• Product-wide Security & Threat Intelligence:

• Implement processes to ensure that a vulnerability discovered in one product or module is systematically evaluated for its existence across all other products and components.
• Proactively monitor and assess emerging threats, vulnerabilities, and security trends, and translate them into actionable plans for the team

• Collaboration & Education:

• Collaborate with engineering, product management, and operations teams to embed security into the early stages of the SDLC.
• Act as the primary subject matter expert on application security for the entire organization.
• Develop and lead security awareness and training programs for engineering teams to foster a culture of security.

Required Skills and Qualifications:

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• 12+ years of progressive experience in application security, with at least 4+ years in a senior management or leadership role.
• Proven experience building and managing an application security program from the ground up.
• Expertise in a wide range of application security tools, including:

o SAST: Veracode, Checkmarx, SonarQube, Semgrep or similar.

o DAST: Invicti, Burp Suite Enterprise, OWASP ZAP, or similar.

o SCA: Snyk, Black Duck, or similar. o Vulnerability Scanners: Nuclei, Qualys, Nessus, or similar

• Demonstrated proficiency in scripting and automation (e.g., Python, Bash) for security tooling integration and data analysis.
• Strong knowledge of CI/CD pipelines (Jenkins, GitLab CI/CD) and cloud platforms (AWS, Azure, GCP).
• Deep understanding of common web application vulnerabilities (OWASP Top 10, CWE) and secure coding principles.
• Exceptional leadership, communication, and interpersonal skills, with the ability to influence and drive change at an organizational level.
• Relevant industry certifications such as CISSP, CSSLP, CISM, or similar are highly preferred