Manager, Security Engineering

ActBlue

Engineering Manager, Security leading the Security team at ActBlue, focused on security engineering and team management activities.

Posted 4/27/2026full-timeRemote • Arizona, California, Colorado, Connecticut, Florida, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, Missouri, Montana, New Hampshire, New Jersey, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Wisconsin • 🇺🇸 United StatesMid-LevelSenior💰 $173,676 - $210,741 per yearWebsite

Tech Stack

Tools & technologies

AWSCloudSDLC

About the role

Key responsibilities & impact

Team Leadership & Development: Mentoring, and growing security engineers. This includes running 1:1s, career development planning, performance reviews, and building a culture of continuous learning around evolving threats and technologies.
Security Execution: Partnering with engineers on your team and the Sr. Director of Security and Integrity you’ll define and prioritize the team's quarterly and annual security initiatives, aligning them with business objectives and frameworks like NIST CSF, CIS Controls, or SOC 2. Translating risk assessments into actionable engineering work.
Cross-Functional Collaboration: Partnering with Platform, SRE, Legal, IT, Compliance, and Product teams to embed security into the SDLC, incident response processes, and vendor management workflows.
Incident Response & Preparedness: You’ll help the team to maintain the Security incident response program: runbooks, running tabletop exercises, on call schedules, and ensuring timely response to alerts and events.
Product and Cloud Security: Drive product security practices and cloud security posture across our AWS infrastructure, ensuring secure architecture, configuration, and continuous monitoring of our production environments.
Vulnerability & Risk Management: Overseeing application security testing (SAST, DAST, SCA), penetration testing programs (including bug bounty), and ensuring vulnerabilities are triaged, prioritized, and remediated within SLA.
Corporate Security: Partnering with IT, you and the team will help ensure strong protections in corporate security including spam, EDR, and device security is mature and well executed.
Vendor & Third-Party Risk: Helping the team evaluating security vendors, and overseeing third-party risk assessments.
Budget & Resource Planning: In coordination with the other department managers; manage the security budget, justifying tooling spend, headcount requests.

Requirements

What you’ll need

5–7 years managing a team of security engineers or similarly technical ICs. Demonstrated experience with hiring pipelines, structured interview loops, performance calibration, performance, and career laddering.
Comfortable running daily standups and weekly 1:1s as core rituals, not afterthoughts.
Familiar with translating frameworks like NIST CSF or CIS Controls into quarterly OKRs and sprint-level work.
Hands-on experience building or maturing a security program at a mid-size or growth-stage organization.
Experience overseeing AppSec tooling (SAST, DAST, SCA, Container Scanning, Secrets) and programs like penetration testing or bug bounty.
A background working with or managing engineers who build and tune detections in a SIEM, manage alert pipelines, and reduce noise.
Experience running an AI forward team of engineers. You’ll know how to find quick solutions to problems and you’ll help the team to similarly seek out speed and quality of execution via AI related tooling.
A track record of working across engineering, SRE, platform, IT, and legal orgs.
You have deep familiarity with cloud security (AWS), Application Security (particularly web native apps and authentication), endpoint security (EDR), email security (anti-spam/phishing), and device management.
Experience evaluating security vendors, running third-party risk assessments.
You have defined and reported on security KPIs like MTTD, MTTR, vulnerability aging, and coverage metrics.
Demonstrated domain expertise in one or more core security domains and secondary specializations, (e.g. infrastructure security, application security, corporate IT security, security operations)

Benefits

Comp & perks

Flexible work schedules and an unlimited time-off policy
Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families; plus fully-paid health reimbursement arrangement to use for out of pocket expenses and fully-paid short- and long-term disability
Fully paid basic and AD&D life insurance and a voluntary supplemental life insurance option
Dependent and health care flexible spending account options
Employee Assistance Program (EAP) benefits for employees
Automatic 2% Employer-paid 401K contribution, plus up to an additional 6% match on employee contributions
A minimum of three months paid medical, family and parental leave (for all new parents, adoptions included)
Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
Additional perks including quarterly snack deliveries and digital subscriptions to the Boston Globe & New York Times

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

security program managementapplication security testingpenetration testingbug bountycloud securityAWSvulnerability managementrisk assessmentsSIEMAI tooling

Soft Skills

team leadershipmentoringcross-functional collaborationperformance reviewscareer development planningincident responsecommunicationproblem-solvingbudget managementresource planning