
Senior Manager – Application Security
Posted May 25

This is a fully remote position, open to applicants in the Netherlands.
• Lead and mentor a globally distributed team of security engineers specializing in application security, offensive testing, secure architecture, and vulnerability remediation.
• Direct and coordinate the team's initiatives while providing project management leadership to team members.
• Facilitate cross-functional and cross-stream initiatives and projects.
• Promote the integration of security within Miro’s Discover, Define, Deliver lifecycle, aligned with the AMPED Ways of Working and Operating Model.
• Collaborate with Product, Engineering, and Design teams to ensure that security considerations are included at the earliest stages of ideation through threat modeling, risk assessments, and abuse-case analysis.
• Shape and advance Miro’s Secure SDLC practices, ensuring security is seamlessly integrated into CI/CD pipelines, infrastructure-as-code, and developer tools.
• Oversee the execution of bug bounty and third-party testing programs, ensuring that vulnerabilities are triaged, communicated, and effectively remediated.
• Build and expand Miro’s Security Champions program to instill security ownership within each engineering team.
• Guide the secure adoption of AI-augmented software development tools, including LLMs utilized for code generation, reviews, or architectural assistance.
• Help envision and safely implement Agentic AI-driven developer and security workflows, including policy-driven autonomous agents that support security automation and decision-making.
• Provide structured guidance, patterns, and reference architectures to assist developers in implementing secure, scalable, and privacy-respecting features.
• Define and track KPIs and success metrics for secure development adoption, vulnerability resolution, and developer engagement.
• Collaborate with Privacy, Legal, and Compliance teams to ensure adherence to regulatory requirements (ISO 27001, SOC 2, GDPR, and emerging AI regulations).
• Cultivate a strong team culture centered on collaboration, learning, and continuous improvement.
• Over 10 years of experience in software, application, or product security, with substantial experience in secure software development.
• More than 3 years of technical leadership or management experience in a security-focused position.
• Extensive knowledge of threat modeling methodologies (e.g., STRIDE, PASTA) and risk assessment, particularly in a SaaS or product-centric environment.
• Profound expertise in Secure Software Development Lifecycles (SSDLC), including the integration of security into agile and custom development frameworks.
• Proven experience in managing Security Champions programs and enhancing developer engagement.
• Experience in leading offensive security initiatives (penetration testing, red teaming, bug bounty).
• Practical knowledge of governance and assurance frameworks such as ISO 27001, SOC 2, and OWASP SAMM.
• Familiarity with AI/LLM tools (e.g., Cursor, GitHub Copilot, custom LLM integrations) and the related security and governance implications.
• Experience working with AWS and securing API-driven, microservice architectures.
• Ability to manage distributed teams and communicate effectively with both technical and business stakeholders.
• Equity
• Wellbeing benefit
• WFH equipment allowance
• Annual Learning & Development stipend