Application Security Lead / Manager

Application Security Program Ownership

• Own and manage the Application Security program and secure software development lifecycle (SSDLC).


• Establish, maintain, and continuously improve application security standards, policies, and procedures.


• Ensure security requirements are integrated into engineering roadmaps and development processes.

Security Assessments & Threat Modeling

• Conduct technical security reviews and application security assessments.


• Lead threat modeling initiatives across products and platforms.


• Identify architectural and design-level security risks and partner with engineering teams on mitigation strategies.

Vulnerability Management & Remediation

• Drive the end-to-end vulnerability management lifecycle for applications and services.


• Establish remediation priorities and accountability across engineering teams.


• Track, report, and improve vulnerability remediation performance and risk reduction metrics.

Penetration Testing & Offensive Security

• Manage external penetration testing engagements and red team activities.


• Coordinate findings validation, remediation planning, and closure activities.


• Ensure testing results are translated into actionable security improvements.

Security Tooling & CI/CD Integration

• Oversee implementation and optimization of application security tooling, including:
  
  
  
  • SAST
  
  
  • DAST
  
  
  • Software Composition Analysis (SCA)
  
  
  • Secrets detection
  
  
  • Infrastructure-as-Code scanning
  
  
  
  


• Integrate security controls and automated testing into CI/CD pipelines.


• Continuously improve security gates while maintaining developer productivity.

Engineering Partnership & Enablement

• Serve as the primary security partner to Engineering leadership.


• Drive security awareness and secure coding practices across development teams.


• Build scalable processes that enable engineers to identify and address security issues efficiently.


• Promote a culture of shared security ownership.

• 7+ years of experience in Application Security, Product Security, or Security Engineering.


• Strong understanding of secure software development practices and modern application architectures.


• Experience performing threat modeling, security assessments, and code review activities.


• Hands-on experience with vulnerability management and remediation programs.


• Experience managing external penetration testing engagements.


• Deep familiarity with modern AppSec tooling and CI/CD security integration.


• Strong communication skills with the ability to influence engineering and product stakeholders.

• Experience leading or building AppSec programs in cloud-native environments.


• Knowledge of AWS, Azure, or GCP security best practices.


• Experience with DevSecOps methodologies and automation.


• Relevant security certifications such as CISSP, CSSLP, GWAPT, GWEB, or OSCP.