We are seeking a Sr Manager, Application Security to lead and mature our Application Security program across a complex environment consisting of both a Ruby-based monolith and distributed Go microservices. This leader will be responsible for building, scaling, and operationalizing secure development practices that integrate seamlessly into our CI/CD pipelines and Agile delivery model.
This role will oversee application security reviews, threat modeling, secure code practices, and optimization of SAST/SCA tooling to ensure meaningful, actionable insights for Engineering leadership. The ideal candidate combines strong technical depth with strategic leadership and the ability to drive security outcomes in a fast-moving fintech environment.
Responsibilities:
- Lead the Application Security team, including hiring, mentoring, and performance management.
- Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
- Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
- Oversee security design reviews and code security reviews across:
  - Go-based microservices
  - Ruby-based monolith applications
- Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
- Own and continuously improve the organization's threat modeling framework and ensure it's embedded in new feature development and architectural changes.
- Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
- Drive meaningful reporting dashboards for Development and Engineering leadership.
- Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
- Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.