Application Security Manager

Key Responsibilities

Security in the SDLC

Own and enforce DevSecOps practices across CI/CD pipelines (SAST, DAST, SCA, and other practices)
Integrate automated security tooling into development workflows; reduce manual security gates
Partner with development teams to perform secure code reviews and threat modeling

Vulnerability & Risk Management

Drive vulnerability identification, triage, and remediation across infrastructure and applications
Manage security tooling stack
Produce and maintain a risk register; track remediation SLAs

Penetration Testing, crowd testing & Incident Response

Lead or coordinate internal/external penetration testing cycles
Manage crowd testing campaigns
Develop and maintain an incident response playbook; support incident investigations

Compliance & Governance

Support compliance with SOC 2, ISO 27001, GDPR, and relevant data protection frameworks
Define and enforce security policies, standards, and developer security training

Leadership & Collaboration

Act as the primary security SME for the engineering organization
Mentor developers on secure coding practices; build a security-first engineering culture
Interface with external auditors, clients, and the executive team on security posture

Requirements

5+ years of experience in application security, or security engineering
Demonstrated experience managing security in software development environments (not just ops/infrastructure)
Strong development background, proficiency in at least 1 language (eg: Python, Go, Java, C#)
Hands on experience with CI/CD security tooling (SAST/DAST/SCA integration, secrets management)
Experience with cloud security (AWS, Azure, or GCP) and container security (Docker, Kubernetes)
Familiarity with SOC 2 or ISO 27001 compliance frameworks
Excellent English communication skills (written and verbal)

Preferred/Nice to Have