Application Security Manager

Job Description

So, what will your new role look like?

As an Application Security Manager, you will be responsible for driving the security posture of our products by operationalizing and managing our application security program. You will oversee the identification, remediation, and closure of security vulnerabilities within our codebase. Your role will be instrumental in ensuring that security best practices are embedded throughout the Software Development Lifecycle (SDLC) while maintaining strong collaboration with our engineering teams.

You will work will involve three key pillars:

1. Program Management – Develop, implement, and oversee all aspects of the AppSec program, ensuring vulnerabilities are systematically identified and remediated.
2. Stakeholder Management – Partner with developers, product managers, and other stakeholders to enable a security-first mindset without disrupting agile development workflows.
3. Technical Expertise – Act as a hands-on security expert, performing security reviews, threat modelling and contributing to secure coding practices.

Responsibilities:

• Lead the operational execution of the application security program across all products;
• Perform security reviews, threat modeling, and penetration testing for new features and major code changes;
• Identify, assess, and report security vulnerabilities, ensuring timely remediation and closure;
• Develop security tooling and automation to improve vulnerability detection and response;
• Collaborate closely with development teams to enhance secure coding awareness and best practices;
• Investigate and validate externally reported security vulnerabilities;
• Monitor emerging threats and security research to proactively enhance our security posture;
• Define and implement security requirements for application architecture and development processes;
• Support security incident response efforts, contributing to forensic analysis and remediation;
• Establish and track key AppSec metrics to measure program effectiveness and continuous improvement.

A typical week?   

• Engage with engineering teams to review code, conduct security assessments, and drive remediation efforts;
• Collaborate with product managers and stakeholders to integrate security requirements into development workflows;
• Develop and refine security automation tools to streamline vulnerability identification and management;
• Participate in security architecture reviews and design discussions;
• Monitor security alerts and vulnerabilities, triaging and prioritizing responses as needed;
• Contribute to security awareness training and advocate for secure development best practices.

What does your future team look like?   

You will work closely with engineering, security, and product teams to implement security controls, assess risks, and promote a security-first culture. Your role is hands-on and influential, ensuring that security is a business enabler rather than an obstacle.

What are the next challenges awaiting your team?   

• Expanding and scaling the application security program across a growing portfolio of SaaS products;
• Enhancing security automation and tool integration within CI/CD pipelines;
• Strengthening developer security awareness and secure coding capabilities;
• Participating in the incident response processes and reducing risk across cloud-native environments.

Qualifications

• 8+ years of experience in Application Security and running an AppSec program;
• Deep understanding of web application security fundamentals, OWASP Top 10, and CWE Top 25;
• Hands-on experience with secure code reviews in Java, .NET, PHP, Go, C, C++, Python, Swift, or Kotlin;
• Experience integrating security into the SDLC, including SAST, DAST, SCA, and fuzzing;
• Proficiency in scripting languages (Python, Bash) for security automation;
• Familiarity with authentication protocols such as OIDC, SAML, and OAuth;
• Solid understanding of cloud-native security principles and modern infrastructure security controls;
• Strong ability to communicate security risks and best practices to technical and non-technical stakeholders;
• Experience leading technical security projects and influencing security culture within engineering teams.