7 years

10 - 60 Lacs

Posted: 4 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Location:

Bangalore , Mumbai

Experience:

7 - 12 Yrs

Work Mode:

Hybrid

Mandatory Skills: Cyber Security, Python/Java/.Net, Checkmarx, Veracode, Snyk, Burp Suite, SDLC, DevOps, CI/CD.

Job Summary

We are seeking an Application Security (AppSec) Engineering Manager to lead our product security team. This role is pivotal in embedding security into every stage of the software development lifecycle (SSDLC). You will manage a team of AppSec engineers, guiding them in identifying, triaging, and remediating vulnerabilities. Your mission is to "shift left," making security a seamless part of our engineering culture and ensuring our products are built securely from the ground up.

Leadership & Strategy

  • Lead & Mentor: Manage, hire, and develop a high-performing team of application
security engineers, fostering their technical and professional growth.
  • Develop the Roadmap: Define and execute the multi-year AppSec strategy, aligning
with business objectives and the evolving threat landscape.
  • Govern the SSDLC: Own and mature the Secure Software Development Lifecycle,
integrating security gates, tooling, and processes.
  • Be the Advocate: Act as the primary liaison between the security team and
engineering/product leadership, translating technical risks into business impact.
  • Measure Success: Define and report on key performance indicators (KPIs) such as
vulnerability density, remediation time, and security tool coverage.

Technical & Operational

  • Toolchain Management: Oversee the selection, implementation, and operation of our
AppSec tool suite (e.g., SAST, DAST, SCA, IAST).
  • Vulnerability Management: Manage the end-to-end vulnerability lifecycle, from
automated detection to prioritized remediation and verification.
  • Security Champions Program: Lead and scale our "Security Champions" program to
embed security expertise directly within development teams.
  • Secure Coding Standards: Develop and enforce secure coding guidelines, providing
regular training and resources to engineering teams.
  • Design & Review: Guide your team in performing security architecture reviews, threat
modeling (e.g., STRIDE), and manual code reviews for high-risk features.

Required Qualifications

  • Experience: 7+ years in cybersecurity, with at least 2+ years in a formal leadership or
management role.
  • Technical Depth: A strong background in software development (e.g., Python, Java,
Go, .NET) and a deep understanding of web/mobile application vulnerabilities (OWASP
Top 10, SANS Top 25).
  • Tooling Expertise: Hands-on experience managing and integrating AppSec tools (e.g.,
Checkmarx, Veracode, Snyk, Burp Suite).
  • SSDLC Expert: Proven success in building and scaling a secure SDLC in a modern
DevOps/CI/CD environment.
  • Communication: Excellent ability to communicate complex security concepts to both
technical and non-technical stakeholders.

Preferred Qualifications (Bonus Points)

  • Experience running a Bug Bounty program.
  • Contributions to open-source security projects or a history of security research.
  • Relevant certifications (OSWE, CSSLP, GWEB).
