Posted on: 10/04/2026
Role Overview :
We are looking for an Application Security Lead who will take ownership of designing and implementing Volodys end-to-end application security framework. This is a foundational role where you will define processes, select tools, and embed security into every stage of the development lifecycle. You will work closely with engineering and leadership teams to ensure security is proactive, scalable, and aligned with business growth.
Key Responsibilities :
Build and Implement Security Systems :
- Design and deploy continuous security practices including SAST, DAST, SCA, and secrets scanning
- Integrate security checks seamlessly into CI/CD pipelines
- Establish automated and policy-driven security reviews for all code changes
Secure AI-Assisted Development :
- Define guidelines and guardrails for secure AI-generated code
- Develop workflows for validating and reviewing AI-assisted outputs
- Identify and mitigate risks arising from insecure dependencies and generated code anomalies
Architecture and Threat Modeling :
- Lead threat modeling exercises for critical systems and workflows
- Ensure robust security across APIs, authentication and authorization layers, and data pipelines
- Safeguard sensitive legal and customer data throughout the system
Vulnerability Management :
- Own the complete vulnerability management lifecycle from detection to remediation
- Define severity-based SLAs and ensure timely resolution
- Track and continuously improve key metrics such as mean time to remediate and recurrence rates
External Security and Compliance :
- Coordinate third-party penetration testing and security audits
- Support readiness for compliance frameworks such as SOC 2 and ISO 27001
- Act as the primary security point of contact for enterprise customers and stakeholders
Build a Security-First Culture :
- Promote secure development practices across engineering teams
- Establish and mentor security champions within teams
- Conduct training sessions on secure coding and emerging risks, including those related to AI
Tools and Technology :
You will have the flexibility to define and manage the security stack, which may include :
- Application security platforms such as Snyk, Checkmarx, or GitHub Advanced Security
- Cloud security tools across AWS, GCP, or Azure
- Container security solutions for Docker and Kubernetes environments
- Secrets management and API security tools
Required Qualifications :
- 6 to 10+ years of experience in application or product security
- Proven experience in a high-growth startup or product-based company
- Strong hands-on experience with secure SDLC practices and CI/CD security integration
- Deep understanding of OWASP Top 10, API security, and cloud-native architectures
Preferred Qualifications :
- Experience working with AI/ML systems and understanding associated risks
- Exposure to data-sensitive industries such as legal, fintech, or healthcare
- Experience supporting SOC 2 or ISO 27001 compliance processes
- Background in penetration testing or offensive security
What Success Looks Like in the First Six Months :
- Security scanning is fully implemented and operational across all repositories
- No critical vulnerabilities exist in production systems
- Security is embedded into development workflows without causing friction
- The organization successfully completes an external security audit
- Engineering teams demonstrate strong adherence to secure development practices
Why This Role Matters :
This role is central to building trust in Volodys platform. You will establish the security foundation of a rapidly scaling AI-first product and directly contribute to enabling enterprise adoption and long-term growth.
What We Offer :
- A high-ownership environment with minimal bureaucracy
- Direct collaboration with leadership, including the CEO and CTO
- The opportunity to define and build security systems from the ground up
- Competitive compensation and ESOPs
Posted in
CyberSecurity
Functional Area
Cyber Security
Job Code
1627498