
Senior Manager, Application Security
Posted 1 day ago

This is a fully remote position, open to applicants in California.
• Define, develop, and enhance the enterprise Application Security (AppSec) strategy and roadmap in alignment with business priorities and risk posture.
• Own and expand the AppSec program, including secure SDLC standards, policies, and governance across all applications and platforms.
• Collaborate with engineering and platform teams to integrate security into CI/CD pipelines, tools, and developer workflows.
• Lead threat modeling, security architecture reviews, and vulnerability management to identify and reduce application-layer risks.
• Assess, implement, and optimize AppSec tools (SAST, DAST, SCA, API security, container security) and automate security processes at scale.
• Build, mentor, and lead a high-performing team of application security engineers and specialists.
• Work alongside Engineering, Product, Cloud, Infrastructure, and GRC teams to incorporate security into product design and delivery.
• Establish and monitor key security metrics to evaluate program effectiveness and communicate risk posture to leadership.
• Ensure applications comply with security, regulatory, and audit requirements while facilitating internal and external assessments.
• Promote a developer-centric security culture through education, training, and the adoption of security best practices.
• 8+ years of experience in application security, security engineering, or relevant cybersecurity roles.
• 3+ years of experience leading or managing teams within a security or engineering organization.
• Strong expertise in secure application development, encompassing secure coding, threat modeling, and SDLC integration.
• Profound understanding of modern application architectures (microservices, APIs, cloud-native, distributed systems).
• Experience in implementing DevSecOps practices and integrating security into CI/CD pipelines.
• Practical experience with application security tools (SAST, DAST, SCA, container security, API security).
• Proven ability to assess and prioritize risk, driving remediation across engineering teams.
• Excellent cross-functional communication and stakeholder management skills.
• Established ability to influence engineering teams and promote the adoption of security practices.
• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Medical
• Dental
• Vision
• 401k
• PTO/paid sick leave
• Employee stock purchase plan