ModMed is a company focused on modernizing the healthcare experience through innovative software solutions. The Senior Security Engineering Manager will lead a team responsible for application security and threat modeling, ensuring security capabilities are scalable and aligned with business priorities.
Responsibilities:
- Own the strategy, execution, and continuous improvement of the application security program
- Ensure secure development practices are embedded into SDLC workflows
- Partner with engineering and product teams to balance risk reduction with delivery velocity
- Drive consistency in how AppSec guidance and controls are applied across teams and products
- Own the operational health, effectiveness, and adoption of security tools such as SAST, DAST, SCA, and secrets scanning
- Ensure tooling is reliable, well-integrated, and delivering high signal-to-noise outcomes
- Drive backlog prioritization for tooling improvements, automation, and integration
- Measure and improve tool performance, coverage, and developer experience
- Establish and scale threat modeling practices across engineering teams
- Ensure threat modeling is practical, repeatable, and aligned with real delivery workflows
- Coach engineers on identifying and mitigating architectural and design-level risks
- Ensure outputs translate into actionable engineering and security improvements
- Collaborate deeply with the Security Architecture Team
- Build, lead, and develop a high-performing security engineering team
- Provide regular coaching, feedback, and career development support
- Create clarity of ownership while enabling autonomy within guardrails
- Foster an inclusive, accountable, and execution-focused team culture
- Define and own meaningful security engineering metrics including coverage, findings, remediation SLAs, and tooling health
- Track and report progress against commitments for the application security and tooling roadmap
- Manage project delivery for the security engineering vertical
- Translate ambiguous goals into clear plans, priorities, and outcomes
Requirements:
- Bachelor's degree in Computer Science, Information Security, Cybersecurity, Information Technology or equivalent education and experience
- 8+ years of experience in information security, application security, or related engineering fields
- At least 5 years of experience leading or mentoring security engineers or software engineers, including responsibility for prioritization, execution, and delivery of work
- Hands-on experience designing, implementing, or operating application security practices within a software development lifecycle
- Demonstrated experience leading or facilitating threat modeling for modern application architectures
- Experience owning, operating, or scaling security tooling in production environments, including responsibility for reliability, effectiveness, and integration into engineering workflows
- Experience partnering with engineering and product teams to embed security into delivery processes rather than operating as a separate control function
- Application security expertise, including secure SDLC practices, vulnerability management, and design-level risk identification
- Strong understanding of threat modeling methodologies and the ability to apply them pragmatically within engineering workflows
- Ability to operate and evaluate security tooling with a focus on effectiveness, signal quality, and integration into engineering processes
- Strong people leadership skills, including coaching, feedback, and development of security engineers
- Ability to translate ambiguous security and business goals into clear plans, priorities, and measurable outcomes
- Strong execution and project management skills, including roadmap planning, prioritization, and delivery tracking
- Excellent written and verbal communication skills, with the ability to explain security risk and tradeoffs to both technical and non-technical audiences
- Strong judgment and risk-based decision-making capabilities
- Experience as a formal people manager with direct reports, including hiring, performance management, coaching, and career development
- Experience building or scaling an application security or product security function in a growing organization
- Experience defining and owning security engineering roadmaps and delivery commitments
- Experience operating in regulated or high-compliance environments such as healthcare, financial services, PCI, or HIPAA
- Experience working in cloud-native or SaaS environments
- Demonstrated experience optimizing developer experience and adoption of security tooling at scale
- Experience defining and operationalizing security metrics to measure program effectiveness and risk reduction
- Experience leading security initiatives in complex or regulated environments
- Formal security certifications such as CISSP, CSSLP, AWS Security Specialty, or equivalent practical experience