Key skills
CI/CDLeadershipCommunicationPenetration Testing
About this role
Role Overview
- Own and manage the Application Security program and secure software development lifecycle (SSDLC).
- Establish, maintain, and continuously improve application security standards, policies, and procedures.
- Ensure security requirements are integrated into engineering roadmaps and development processes.
- Conduct technical security reviews and application security assessments.
- Lead threat modeling initiatives across products and platforms.
- Identify architectural and design-level security risks and partner with engineering teams on mitigation strategies.
- Drive the end-to-end vulnerability management lifecycle for applications and services.
- Establish remediation priorities and accountability across engineering teams.
- Track, report, and improve vulnerability remediation performance and risk reduction metrics.
- Manage external penetration testing engagements and red team activities.
- Coordinate findings validation, remediation planning, and closure activities.
- Ensure testing results are translated into actionable security improvements.
- Oversee implementation and optimization of application security tooling, including:
- SAST
- DAST
- Software Composition Analysis (SCA)
- Secrets detection
- Infrastructure-as-Code scanning
- Integrate security controls and automated testing into CI/CD pipelines.
- Continuously improve security gates while maintaining developer productivity.
- Serve as the primary security partner to Engineering leadership.
- Drive security awareness and secure coding practices across development teams.
- Build scalable processes that enable engineers to identify and address security issues efficiently.
- Promote a culture of shared security ownership.
Requirements
- 7+ years of experience in Application Security, Product Security, or Security Engineering.
- Strong understanding of secure software development practices and modern application architectures.
- Experience performing threat modeling, security assessments, and code review activities.
- Hands-on experience with vulnerability management and remediation programs.
- Experience managing external penetration testing engagements.
- Deep familiarity with modern AppSec tooling and CI/CD security integration.
- Strong communication skills with the ability to influence engineering and product stakeholders.
Benefits
- Competitive salary
- Hybrid work environment (3 days in office per week)
- 100% individual and dependent medical + dental + vision coverage
- 401(K) with a 4% company match
- 20 days PTO
- Iru Wellness Week the first week in July
- Equity for full-time employees
- In-office lunch stipend provided
- Up to 16 weeks of paid leave for new parents
- Paid Family and Medical Leave
- Modern Health mental health benefits for individuals and dependents
- Fertility benefits
- Working Advantage employee discounts
- Onsite fitness center
- Free parking
- Exciting opportunities for career growth