Manager Application Security

Job Summary

Responsibilities

• Lead, develop, grow, and retain a team of Application Security engineers to deliver high-impact projects and experiences to our customers and internal users.
• Scale the team as the organization grows, including hiring and onboarding new security talent and building future leaders.
• Ensure the team has the right processes and procedures to assist with threat modeling, secure design reviews, risk acceptance and security code reviews.
• Act as an industry expert in application security engineering practices and standards and guide the team to mature the Application Security program.
• Identify the opportunities to automate the Application Security scanning processes and guide the team to improve efficiency and achieve scalability. 
• Develop security policies, standards, playbooks, secure coding training content, and a security champions program.
• Create and maintain documentation for integrated security processes, controls, and incident response playbooks.
• Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats.
• Translate technical security strategies into business-aligned objectives for product and executive leadership.
• Set the multi-quarter technical and organizational strategy for product and application security, aligned with company priorities and risk posture.
• Own the design, delivery, and long-term evolution of AI platform security, governance frameworks, and security team visibility.
• Establish and scale product security review practices that shift security engagement earlier in the product lifecycle and are adopted broadly across engineering.
• Act as a senior security partner to engineering, product, and business leadership, influencing architectural decisions and balancing security risk with business outcomes.
• Stay updated on the latest security threats, vulnerabilities, and technology trends, and proactively implement improvements. 

Qualifications

• Bachelor’s degree in Computer Science, Electrical Engineering, a related field, or equivalent professional experience. Master’s degree is a plus
• 10+ years of combined hands-on experience in software engineering and application and infrastructure security
• 3+ years of engineering management experience leading security teams (AppSec, DevSecOps)
• Passionate about building diverse, high-performing teams and growing engineers in a fast-paced environment
• Experience leading application security, platform, or infrastructure teams at scale, with clear ownership of strategy, execution, and outcomes
• Deep expertise in application and product security, with a strong understanding of modern software development processes and methods, security best practices, threat modeling, and risk assessment
• Experience securing complex cloud and on-premise environments (Kubernetes, Docker, AWS/GCP)
• Knowledgeable in AI/ML security risks and mitigations
• Excellent communication skills, both written and verbal, and the ability to communicate complex security concepts to technical and non-technical audiences, including senior leadership
• Proven ability to establish credibility and build trust with engineers and operational staff
• Strong understanding of cryptography and key management use cases
• Strong understanding of secure SDLC practices and practical experience with CI/CD pipelines and DevOps tools
• Proficiency in one or more modern programming languages like NodeJS, Golang, Python, Java, and C/C++

Preferred Qualifications: 

• Consulting experience in application security, penetration testing, and/or red teaming
• Experience leading AI-enabled application security programs, security assessments, and penetration testing
• Experience researching, recommending, and operationalizing AI security products and features
• Deep knowledge of cloud security, networking security, Android or iOS security, IoT, or Wi-Fi
• Security or technical conference participation, paper submissions, and public presentations
• Participation in cyber security and/or open-source software communities