hirist

Engineering Manager - Applications Security

VIDPRO CONSULTANCY SERVICES
Bangalore
7 - 10 Years

Posted on: 04/12/2025

Job Description

Description :

We are seeking an Application Security (AppSec) Engineering Manager to lead our product security team.

This role is pivotal in embedding security into every stage of the software development lifecycle (SSDLC).

You will manage a team of AppSec engineers, guiding them in identifying, triaging, and remediating vulnerabilities.

Your mission is to "shift left," making security a seamless part of our engineering culture and ensuring our products are built securely from the ground up.

What You'll Do :

Leadership & Strategy :

- Lead & Mentor : Manage, hire, and develop a high-performing team of application security engineers, fostering their technical and professional growth.

- Develop the Roadmap : Define and execute the multi-year AppSec strategy, aligning with business objectives and the evolving threat landscape.

- Govern the SSDLC : Own and mature the Secure Software Development Lifecycle, integrating security gates, tooling, and processes.

- Be the Advocate : Act as the primary liaison between the security team and engineering/product leadership, translating technical risks into business impact.

- Measure Success : Define and report on key performance indicators (KPIs) such as vulnerability density, remediation time, and security tool coverage.

Technical & Operational :

- Toolchain Management : Oversee the selection, implementation, and operation of our AppSec tool suite (e.g., SAST, DAST, SCA, IAST).

- Vulnerability Management : Manage the end-to-end vulnerability lifecycle, from automated detection to prioritized remediation and verification.

- Security Champions Program : Lead and scale our "Security Champions" program to embed security expertise directly within development teams.

- Secure Coding Standards : Develop and enforce secure coding guidelines, providing regular training and resources to engineering teams.

- Design & Review : Guide your team in performing security architecture reviews, threat modeling (e.g., STRIDE), and manual code reviews for high-risk features.

Required Qualifications :

- Experience : 7+ years in cybersecurity, with at least 2+ years in a formal leadership or management role.

- Technical Depth : A strong background in software development (e.g., Python, Java, Go, .NET) and a deep understanding of web/mobile application vulnerabilities (OWASP Top 10, SANS Top 25).

- Tooling Expertise : Hands-on experience managing and integrating AppSec tools (e.g., Checkmarx, Veracode, Snyk, Burp Suite).

- SSDLC Expert : Proven success in building and scaling a secure SDLC in a modern DevOps/CI/CD environment.

- Communication : Excellent ability to communicate complex security concepts to both technical and non-technical stakeholders.

Preferred Qualifications (Bonus Points) :

- Experience running a Bug Bounty program.

- Contributions to open-source security projects or a history of security research.

- Relevant certifications (OSWE, CSSLP, GWEB).

