Senior Manager, Application Security
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Sr Manager, Application Security leading application security initiatives at PayNearMe, ensuring secure coding practices. Collaborating with engineering leaders on security integration in CI/CD pipelines.
Responsibilities:
- Lead the Application Security team, including hiring, mentoring, and performance management.
- Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
- Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
- Oversee security design reviews and code security reviews across: Go-based microservices, Ruby-based monolith applications
- Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
- Own and continuously improve the organization’s threat modeling framework and ensure it’s embedded in new feature development and architectural changes.
- Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
- Drive meaningful reporting dashboards for Development and Engineering leadership.
- Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
- Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.
Requirements:
- 8+ years of experience in Application Security or Secure Software Engineering
- 3+ years leading or managing technical security teams
- Strong hands-on experience with: Ruby (Rails) application security, Go (Golang) application security
- Deep knowledge of: Secure SDLC practices, Threat modeling methodologies (e.g., STRIDE, attack trees), SAST and SCA tools and rule tuning, OWASP Top 10 and API Security Top 10
- Experience integrating security tools into CI/CD pipelines.
- Familiarity with cloud-native application security in AWS environments.
- Strong understanding of microservices security patterns (service-to-service auth, token handling, API gateways, etc.).
- Strong communicator capable of influencing senior engineering leaders.
Benefits:
- Competitive salary and benefits with growth-company options grant
- Fast-paced and professional work culture
- Stock options with standard startup vesting - 1 year cliff; 4 years total
- $50 monthly communication expense stipend to go towards your phone/internet bill
- $250 stipend to enhance your WFH setup
- Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
- Premium medical benefits including vision and dental (100% coverage for employees)
- Company-sponsored life and disability insurance
- Paid parental bonding leave
- Paid sick leave, jury duty, bereavement
- 401k plan
- Flexible Time Off (our team members typically take off ~3-4 weeks per year)
- Volunteer Time Off
- 13 scheduled holidays
Similar Jobs
Director of Information Systems Security – ISSO
Director of Information Systems Security at WiredPeople leading security and compliance initiatives. Managing a team to safeguard information assets with oversight of regulatory frameworks.
Cloud Security Engineer
Cloud Security Engineer securing applications for Virta Health, reversing metabolic diseases. Leading application security initiatives and collaborating across teams for secure development practices.
Senior Staff Security Engineer
Senior Staff Security Engineer architecting scalable security solutions for diverse clients. Leading technical strategy and compliance across multi-tenant environments while mentoring senior engineers.
Intern, Blue Team – Wazuh
Intern supporting cybersecurity operations and incident response within Wazuh environment. Join a specialized cyber security team for monitoring and strategic incident response in Brasil.
Managed Security Services Engineer I
Managed Security Services Engineer at Radian Generation focusing on renewable energy technologies. Collaborating with Managed Security Service Providers to enhance cybersecurity and IT management.
Senior Software, Security Architect – Embedded Cybersecurity Platform
Lead Security Architect for implementing embedded cybersecurity solutions for AURA Technologies. Collaborate with the Chief Architect and build a security-focused engineering team.
Head of Security
Head of Security overseeing security strategies, compliance, and operations for AI training data platform. Leading security initiatives and building trust with partners in a high-growth environment.
Security Engineer
Security Engineer managing privileged access and CyberArk technologies at Prime Therapeutics. Safeguarding systems from unauthorized access and ensuring compliance with security standards.
Security Advisor
Security Advisor consulting on information security and compliance for higher education institutions. Assessing customer environments and providing recommendations for improvement.
Lead Manager, Security Governance, Risk & Compliance
Lead Manager in Security Governance, Risk & Compliance at Make-A-Wish America. Supporting GRC and managing risks to ensure compliance with regulations and standards.
Senior Director – Cyber Security Architecture and Engineering Services
Senior Director of Cybersecurity Architecture at U.S. Financial Technology leading cloud-based security initiatives. Ensuring compliance and enhancing efficiencies in cybersecurity architecture and engineering.
Information Security Engineer
Information Security Engineer responsible for optimizing security platforms at Deel's global remote environment. Leading cybersecurity initiatives and collaborating with teams worldwide.
Workday Security Administrator – Modernization Program
Workday Security Administrator managing security configuration and access controls for WVU. Collaborating across HR, Finance, and IT to ensure system integrity and compliance.
Security Engineer, Offensive Security
Security Engineer focusing on advanced vulnerability management and Pentesting as a service at Thrive. Collaborating with clients and ensuring high security standards while fostering trust in cybersecurity capabilities.
Cyber Security Expert – Senior Director/Analyst
Senior Director Analyst supporting national defense modernization and innovation through cybersecurity expertise. Analyzing global market trends and delivering actionable insights to executive clients.
Software Engineer – Product Security
Product Security Engineer developing and operating enterprise security controls. Collaborating with product teams at Allstate to enhance security practices.
Regional Channel Lead – Security & Identity
Channel Account Manager responsible for architecting partner ecosystems and driving revenue. Joining SecureW2's mission towards passwordless security solutions.
Senior Consultant, Penetration Testing
Senior Consultant in Penetration Testing for independent IT management and cybersecurity consultancy. Engaging in web and infrastructure penetration tests and improving client IT security.
Enterprise Account Executive, Cloud Security
Enterprise Account Executive at Foresite selling Google Cloud Security solutions. Collaborating with Google and security specialists to drive revenue growth in mid-market and enterprise accounts.
Cyber Security Engineer – Contract
Cyber Security Engineer responsible for security technologies and operational initiatives at Sunshine Enterprise. Implementing, integrating, and maintaining security technologies across a large-scale environment.