ActBlue is a nonprofit organization dedicated to creating technology that fuels Democratic victories. They are seeking an Engineering Manager for their Security team to lead and develop security engineers while managing the security team's strategic roadmap and collaborating with various departments to enhance ActBlue's security program.
Responsibilities:
- Mentoring and growing security engineers. This includes running 1:1s, career development planning, performance reviews, and building a culture of continuous learning around evolving threats and technologies
- Partnering with engineers on your team and the Sr. Director of Security and Integrity, you’ll define and prioritize the team's quarterly and annual security initiatives, aligning them with business objectives and frameworks like NIST CSF, CIS Controls, or SOC 2, and translate risk assessments into actionable engineering work
- Routinely running daily standups with the team and helping the team plan, coordinate, and shepherd tactical work through to completion
- Partnering with Platform, SRE, Legal, IT, Compliance, and Product teams to embed security into the SDLC, incident response processes, and vendor management workflows
- Helping the team maintain the security incident response program: maintaining runbooks, running tabletop exercises, managing on-call schedules, and ensuring timely response to alerts and events
- Drive product security practices and cloud security posture across our AWS infrastructure, ensuring secure architecture, configuration, and continuous monitoring of our production environments
- Overseeing application security testing (SAST, DAST, SCA), penetration testing programs (including bug bounty), and ensuring vulnerabilities are triaged, prioritized, and remediated within SLA
- Defining and tracking KPIs (mean time to detect/respond, vulnerability remediation rates, coverage metrics) and reporting security posture to executive stakeholders
- Partnering with IT, you and the team will help ensure that corporate security protections, including anti-spam, EDR, and device security, are mature and well executed
- Helping the team evaluate security vendors and overseeing third-party risk assessments
- In coordination with the other department managers, managing the security budget and justifying tooling spend and headcount requests
Requirements:
- 5–7 years managing a team of security engineers or similarly technical ICs
- Demonstrated experience with hiring pipelines, structured interview loops, performance calibration, and career laddering
- Comfortable running daily standups and weekly 1:1s as core rituals, not afterthoughts
- Familiar with translating frameworks like NIST CSF or CIS Controls into quarterly OKRs and sprint-level work
- Hands-on experience building or maturing a security program at a mid-size or growth-stage organization
- Experience overseeing AppSec tooling (SAST, DAST, SCA, Container Scanning, Secrets) and programs like penetration testing or bug bounty
- You know how to set remediation SLAs and hold engineering teams accountable to them without creating adversarial relationships
- A background working with or managing engineers who build and tune detections in a SIEM, manage alert pipelines, and reduce noise
- You understand the operational side of security monitoring — not just deploying tools but making them effective
- Experience running an AI-forward team of engineers
- A track record of working across engineering, SRE, platform, IT, and legal orgs
- You can navigate competing priorities and translate security requirements into language that product and platform teams will act on
- You have deep familiarity with cloud security (AWS), Application Security (particularly web native apps and authentication), endpoint security (EDR), email security (anti-spam/phishing), and device management
- Experience evaluating security vendors and running third-party risk assessments
- You have defined and reported on security KPIs like MTTD, MTTR, vulnerability aging, and coverage metrics
- Demonstrated domain expertise in one or more core security domains, plus secondary specializations (e.g. infrastructure security, application security, corporate IT security, security operations)