Senior Manager, Application Security (Remote)

📋 Description

• • Define, build, and evolve the enterprise Application Security (AppSec) strategy and roadmap aligned to business priorities and risk posture.
• • Own and scale the AppSec program, including secure SDLC standards, policies, and governance across all applications and platforms.
• • Partner with engineering and platform teams to integrate security into CI/CD pipelines, tooling, and developer workflows.
• • Drive threat modeling, security architecture reviews, and vulnerability management to identify and mitigate application-layer risks.
• • Evaluate, implement, and optimize AppSec tooling including SAST, DAST, SCA, API security, and container security, while automating security processes at scale.
• • Build, mentor, and lead a high-performing team of application security engineers and specialists.
• • Collaborate with Engineering, Product, Cloud, Infrastructure, and GRC teams to embed security into product design and delivery.
• • Establish and track key security metrics to measure program effectiveness and communicate risk posture to leadership.
• • Ensure applications meet security, regulatory, and audit requirements while supporting internal and external assessments.
• • Promote a developer-centric security culture through education, training, and adoption of security best practices.
• • Work in a remote or hybrid capacity as the role is open to remote or hybrid candidates across the USA.
• • Operate within a regulated financial services environment with exposure to confidential, proprietary, and customer-sensitive data.
• • Support compliance with applicable state and local laws including the Los Angeles County Fair Chance Ordinance and California Fair Chance Act.
• • Contribute to a culture that embraces diversity, inclusion, and authenticity, where employees are encouraged to bring their full selves to work.
• • Engage with modern application architectures including microservices, APIs, cloud-native, and distributed systems.
• • Influence engineering teams to adopt secure-by-design principles without impeding high-velocity product delivery.
• • Maintain hands-on technical expertise while leading strategic initiatives and team development.
• • Participate in security assessments and audits to validate adherence to internal policies and external regulatory standards.