Senior Application Security Manager

12 years

0 Lacs

Posted: 17 hours ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Summary:


Responsibilities:


• Strategic Program Leadership:

  • Develop and execute a comprehensive application security strategy that aligns with business objectives and product roadmaps.
  • Build, lead, and mentor a high-performing team of application security engineers and DevSecOps professionals.
  • Define and enforce application security policies, standards, and procedures across the organization.


• Security Integration & Automation:

  • Oversee the integration of security tools (SAST, DAST, SCA, vulnerability scanners) into the CI/CD pipelines, leveraging both paid and open-source solutions.
  • Champion the use of automation to streamline security testing and provide continuous feedback to development teams.
  • Direct the development and maintenance of scripts and automation frameworks (e.g., Python, Bash) to orchestrate and scale security tool usage across the enterprise.


• Vulnerability Management & Remediation:

  • Establish and manage a robust vulnerability management program, including a formal process for handling client-reported vulnerabilities and penetration test findings.
  • Provide expert-level guidance and architectural solutions for complex security vulnerabilities.
  • Define and enforce service-level agreements (SLAs) for vulnerability remediation based on severity and business impact, ensuring critical and high-priority issues are fixed promptly.


• Tracking, Reporting, and Audits:

  • Implement and manage a centralized system to track all open vulnerabilities (VAs) across the entire product portfolio.
  • Generate executive-level reports and dashboards on the company's application security posture for senior leadership and board members.
  • Lead and coordinate internal and external security audits, assessments, and compliance initiatives.


• Product-wide Security & Threat Intelligence:

  • Implement processes to ensure that a vulnerability discovered in one product or module is systematically evaluated for its existence across all other products and components.
  • Proactively monitor and assess emerging threats, vulnerabilities, and security trends, and translate them into actionable plans for the team.


• Collaboration & Education:

  • Collaborate with engineering, product management, and operations teams to embed security into the early stages of the SDLC.
  • Act as the primary subject matter expert on application security for the entire organization.
  • Develop and lead security awareness and training programs for engineering teams to foster a culture of security.


Required Skills and Qualifications:


  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
  • 12+ years of progressive experience in application security, with at least 4+ years in a senior management or leadership role.
  • Proven experience building and managing an application security program from the ground up.
  • Expertise in a wide range of application security tools, including:

    o SAST: Veracode, Checkmarx, SonarQube, Semgrep, or similar.
    o DAST: Invicti, Burp Suite Enterprise, OWASP ZAP, or similar.
    o SCA: Snyk, Black Duck, or similar.
    o Vulnerability Scanners: Nuclei, Qualys, Nessus, or similar.

  • Demonstrated proficiency in scripting and automation (e.g., Python, Bash) for security tooling integration and data analysis.
  • Strong knowledge of CI/CD pipelines (Jenkins, GitLab CI/CD) and cloud platforms (AWS, Azure, GCP).
  • Deep understanding of common web application vulnerabilities (OWASP Top 10, CWE) and secure coding principles.
  • Exceptional leadership, communication, and interpersonal skills, with the ability to influence and drive change at an organizational level.
  • Relevant industry certifications such as CISSP, CSSLP, CISM, or similar are highly preferred.

ARCON

Technology / Software

San Francisco
