
Application Security Manager
TrueML
full-time
Location Type: Remote
Location: Remote • 🇺🇸 United States
Salary
💰 $150,000 - $190,000 per year
Job Level
Mid-Level, Senior
Tech Stack
AWS, Cloud, Microservices
About the role
- Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices.
- Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization.
- Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics.
- Evaluate and recommend new application security technologies and tools to enhance the organization's security posture.
- Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management.
- Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints.
- Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues.
- Maintain an application security risk management framework, identifying, analyzing, and treating risks.
- Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR).
- Maintain and enforce application security policies, standards, and procedures.
- Liaise and coordinate internal and external security audits.
- Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery.
- Conduct post-incident reviews to identify root causes and implement preventative measures.
- Manage, mentor, and develop the application security team.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
- 5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company.
- Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless).
- Strong knowledge of vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, incident response, application security, and data protection technologies.
- Proven experience developing and managing an enterprise-level information security program.
- Relevant security certifications such as CISSP, CISM, or CISA.
- Familiarity with common exploitation techniques, attack vectors, and defensive strategies.
- Experience with SIEM tools, vulnerability scanners, penetration testing, and threat modeling methodologies.
- Understanding of generative AI and its usage within security and engineering as well as best practices.
- Identity Management and Cloud Security.
- Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences.
- Strong leadership, organizational, and project management abilities.
- Excellent problem-solving and decision-making skills.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
application security, vulnerability analysis, network security, infrastructure security, identity and access management, incident response, data protection, cloud-native environments, penetration testing, security controls
Soft skills
leadership, communication, interpersonal skills, organizational skills, project management, problem-solving, decision-making, mentoring, security awareness, continuous improvement
Certifications
CISSP, CISM, CISA