Senior Manager – Application Security & Risk Assessment

Job Title

Senior Manager – Application Security & Risk Assessment

Location

Bangalore, India

Experience

6+ years (preferably 8+ years for Senior Manager readiness)

Role Overview

Senior Manager – Application Security & Risk Assessment

The incumbent will be responsible for embedding security across the application lifecycle, conducting advanced application risk assessments, and aligning security controls with business risk appetite.

Key Responsibilities

Application Security Leadership

• Lead and oversee

  application security programs

  across web, mobile, cloud-native, and API-based applications.
• Define and implement

  secure SDLC (SSDLC)

  practices including security requirements, design reviews, code reviews, and testing.
• Drive application security strategy aligned with enterprise risk management and regulatory requirements.

Risk Assessment & Dynamic Risk Methodology

• Design and execute

  dynamic, risk-based application security assessments

  considering threat context, business criticality, exploitability, and impact.
• Perform and review

  application risk assessments

  , threat modeling (STRIDE, attack trees), and risk scoring frameworks (CVSS with business context).
• Translate technical findings into

  risk-focused insights

  for senior leadership and business stakeholders.

Security Testing & Vulnerability Management

• Oversee

  SAST, DAST, IAST, SCA

  , and penetration testing programs.
• Review and validate findings from VAPT, bug bounty, and red team exercises.
• Drive remediation prioritization based on

  risk severity and business exposure

  , not just vulnerability scores.

Governance, Compliance & Stakeholder Management

• Ensure application security controls align with

  ISO 27001, NIST, OWASP, and internal security standards

  .
• Partner with Engineering, DevOps, Architecture, Risk, and Compliance teams to embed security early in development.
• Present risk assessments, dashboards, and executive summaries to senior management and clients.

Team & Practice Development

• Mentor and manage application security and risk assessment teams.
• Develop reusable risk frameworks, assessment templates, and security playbooks.
• Support pre-sales, proposals, and client advisory engagements related to application security.

Required Skills & Experience

Technical & Functional Expertise

• 6+ years of experience in

  Application Security, Information Security, or Cyber Risk

  roles.
• Strong hands-on knowledge of:
• Web, mobile, API, and cloud application security
• OWASP Top 10, API Top 10, and common attack vectors
• Secure coding practices and architectural risk analysis
• Proven experience in

  risk-based and dynamic risk assessment methodologies

  .
• Strong understanding of DevSecOps tools and CI/CD security integration.

Certifications (Any combination of major certifications preferred)

• CISSP
• CISM
• CISA
• CCSP
• OSCP / OSWE / GWAPT
• CEH (Practical preferred)
• CRISC
• Any equivalent advanced cybersecurity or application security certification

Soft Skills

• Strong analytical and risk articulation skills
• Ability to communicate complex security risks in business terms
• Proven experience managing senior stakeholders and client-facing engagements
• Leadership, mentoring, and decision-making capability

Education

• Bachelor’s degree in Engineering, Computer Science, Information Security, or equivalent
• Master’s degree or security specialization is a plus