
Manager, Application Security
Marigold
full-time
Location Type: Remote
Location: Arizona • California • United States
Salary
💰 $130,000 - $150,000 per year
About the role
- Lead and develop a small team responsible for identifying, assessing, and remediating application security risks across products and container-based infrastructure.
- Embed secure design and secure coding practices across global development teams throughout the SDLC and CI/CD pipelines.
- Partner closely with engineering, product, and infrastructure teams to prioritize security findings, vulnerabilities, and remediation efforts.
- Oversee application security testing activities including SAST, DAST, IAST, threat modeling, and manual code reviews.
- Monitor emerging threats and vulnerabilities, triage reported issues, assess risk, and communicate mitigation strategies clearly to stakeholders.
- Drive automation and continuous improvement of application security controls, metrics, and security-as-code initiatives.
Requirements
- Demonstrated experience leading or mentoring application security engineers or acting as a technical lead in a security-focused role.
- Strong background in application security, secure software development practices, and vulnerability management across the SDLC.
- Hands-on experience with application security testing methodologies and tools (SAST, DAST, IAST, threat modeling).
- Deep understanding of web application security risks, including those outlined in the OWASP Top 10.
- Experience collaborating closely with software development teams in modern DevSecOps and cloud-based environments.
- Experience with containerized and cloud-native environments (Docker, Kubernetes, AWS native security services).
- Familiarity with compliance frameworks such as ISO 27001, SOC II, HITRUST, NIST, or CIS Controls.
- Experience with security tooling such as Veracode, Snyk, Checkmarx, BlackDuck, Tenable.io, Cloudflare, Jira, or Confluence.
Benefits
- Competitive benefits including: medical/dental/vision insurance, life/accident/disabilities insurance, supplemental health benefits, FSA, EAP and pet insurance
- Generous time off (we call it Open Time Away) as well as paid holidays and a birthday benefit day off.
- Paid Volunteer Time
- 401k plan with a company match on your contributions.
- Employee-centric and supportive remote work environment with flexibility.
- Support for life events including paid parental leave.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, secure software development, vulnerability management, SAST, DAST, IAST, threat modeling, web application security, DevSecOps, cloud-native environments
Soft Skills
leadership, mentoring, collaboration, communication, risk assessment, problem-solving, automation, continuous improvement
Certifications
ISO 27001, SOC II, HITRUST, NIST, CIS Controls