Engineering Manager, Application Security

At Qualia, we've built the leading B2B real estate technology that transforms the home buying and selling experience into a simple, secure, and enjoyable process. Our SMB and Enterprise products bring together users from across the real estate ecosystem---homebuyers and sellers, lenders, title and escrow agents, and real estate agents---onto a single shared digital closing platform, providing greater clarity and transparency to real estate transactions. Today, through our business customers across the country, millions of consumers use Qualia to close on homes every year.

WHAT YOU'LL WORK ON

We are hiring an entrepreneurial Engineering Manager to lead Qualia's Application Security team. This is a builder's role. You won't just run a team - you'll redesign how a modern AppSec function operates when AI can do the first pass on nearly everything we used to do by hand.

The team today owns secure design reviews, vulnerability triage, internal penetration testing, incident response support, and security tooling across a JavaScript/NodeJS and Kubernetes stack. Your mandate is to scale that surface area vertically - growing output and coverage per engineer - by making AI-assisted workflows the default. That means automated pen testing pipelines, AI-driven triage of findings from SAST/DAST/SCA, agentic review of engineering proposals and design docs, and continuous red-teaming exercises that test both our systems and our assumptions.

You'll partner closely with Platform, Infra, and product engineering leaders to embed security earlier in the development lifecycle, and you'll be the team's voice when we set the security vision for the next two years - including anomaly detection across production traffic, model-driven threat hunting, and how we defend against (and responsibly use) AI-enabled attackers.

Securing that platform - the money, the identities, and the documents flowing through it - is what the Application Security team does every day. We're hiring an Engineering Manager to lead this team into its next chapter: one where AI is a force multiplier for every part of our security program.

RESPONSIBILITIES

• Lead and grow the Application Security team - coaching senior AppSec engineers, setting goals, and owning delivery against the security roadmap
• Build the automated pen-testing program. Stand up pipelines that run continuous, AI-assisted offensive testing against our services, APIs, and web properties - and turn the output into a triaged, actionable queue
• Scale triage with AI. Design the workflows and tooling that let the team handle 10x the volume of findings (bug bounty, scanner output, customer reports) without 10x the headcount
• Review engineering proposals. Sit at the front of the design process with engineering leaders across Core, Clear, Shield, Connect, and Atlas - reviewing RFCs and proposals, flagging risk early, and helping teams ship securely by default
• Run red-teaming exercises. Drive recurring red team engagements - both internal exercises and coordinated vendor work - and close the loop into detection, response, and product hardening
• Own the AppSec vision. Partner with the leadership team to set multi-quarter strategy across anomaly detection, threat modeling, and AI-augmented defense
• Fight fires when they happen. Lead incident response from the application security side, and be the person engineering trusts to make the call in the room
• Mentor and hire. Recruit strong AppSec engineers, mentor the ones you have, and build a team culture where people are pushed and supported in equal measure

YOUR BACKGROUND THAT LIKELY MAKES YOU A MATCH

• 5+ years as a security or full-stack engineer working on production systems, with 2+ years managing a security or platform engineering team
• Hands-on depth in application security: threat modeling, code review, and at least one offensive-security discipline (pen testing, red team)
• Track record of shipping automation that changed how a team worked - ideally including meaningful use of LLMs, agents, or ML in a security or engineering workflow
• Comfort operating across the full security lifecycle: prevention, detection, response, and recovery
• Strong written communication. You can write the design doc, the post-mortem, and the board-ready summary - and you can tell a product engineer why their proposal needs to change without shutting down the conversation
• Keen product sense and a bias toward measurable impact. You care whether the risk actually went down, not whether a ticket got closed
• Experience in fintech, real estate tech, or another regulated, high-liability domain preferred

NICE TO HAVE

• Background designing or operating anomaly-detection systems on production traffic, auth logs, or financial transactions
• Published research, CVEs, or conference talks in AppSec, offensive security, or AI security.
• Familiarity with the evolving landscape of AI-enabled offense (prompt injection, model abuse, agent exploitation) and defense

THE TECH STACK YOU'LL USE

• JavaScript / NodeJS / Typescript  / Meteor
• Microservice architecture / Kubernetes Operators
• AWS
• MongoDB
• Modern AppSec tooling: SAST/DAST/SCA and an expanding AI-assisted security automation layer that you'll help build

While this role is remote work eligible, we have three office locations: San Francisco, California; Concord, New Hampshire; and Austin, Texas.

This role has a base annual salary of $210,000-$240,000 plus a competitive equity and benefits package. (Salary to be determined by relevant experience, location, knowledge, and skills of the applicant, internal equity, and alignment with market data.)

WHY QUALIA

Qualia is made up of incredibly bright, mission-driven coworkers who are passionate about using technology to solve real-world problems---and we're growing quickly. In order to continue building an engaging and dynamic organization, we're committed to giving everyone the support they need to do great work.

Our benefits package is designed to allow our team members to be their best selves, both in and out of the workplace. In addition to comprehensive health plans, a 401k program, and commuter benefits, we prioritize family and personal well-being through professional development, parental leave, and a flexible time off policy. Qualia offers a robust online onboarding program to train new hires, biweekly all hands meetings, and a variety of internal virtual events to keep employees connected.

We believe diverse perspectives and backgrounds are critical to building great technology, and our goal is to cultivate an environment where people feel equally valued and respected. Qualia is proud to be an equal-opportunity workplace, and we welcome applicants from all backgrounds regardless of race, color, ancestry, religion, gender identity or expression, sexual orientation, marital status, age, citizenship, socioeconomic status, disability, or veteran status.

By submitting your application, you acknowledge and agree to the collection, processing, and use of your personal information as described in our Employee Data Privacy Notice.

#LI-Remote