Crawford & Co.

UK- Senior Application Security Manager

Job Locations: UK
Requisition ID: 2024-25106
# of Openings: 1
Business Unit: ZGS_Admin Global Security

Position Summary

We are seeking a highly motivated Application Security Manager to join our team and become a champion for secure coding practices within our development teams. You will play a pivotal role in building a strong security culture, fostering collaboration between security and development, and ultimately, ensuring the applications we build are robust against evolving threats and meet our business objectives. 

 

The role is highly technical, and candidates must possess a solid understanding of how security controls are applied to software development lifecycles. The role also requires an understanding of business goals/strategy and operational requirements in a fast-paced environment. The candidate will be an integrated team member working with software developers, system engineers, cybersecurity engineers and systems administrators. The role also acts as a liaison with business stakeholders and Security leaders to understand the strategy and execution outlook. The role is heavily security-focused and ingrained in the CI/CD pipeline automation to deliver security principles and validation at all times.  

 

The candidate should have a strong work ethic, think analytically and critically, and be masterful at meeting change requests on demand. The ideal candidate will also collaborate with multiple business units and possess strong listening and communication skills.

Responsibilities

  • Work to consistently learn and share advanced skills and practices that promote team excellence. 
  • Build relationships with development teams and key business stakeholders to incorporate security principles into development and deployments. 
  • Supervise testing and validation in application security controls across projects. 
  • Create and uphold CI/CD security strategy and practices in tandem with other technical team leads. 
  • Serve as a point of contact for security-based escalations and remain tightly involved through resolution. 
  • Build services and tools to enable developers to easily use security components produced by application security team members.  
  • Simplify automation that applies security inter-workings with CI/CD pipelines. 
  • Enable the ability to “shift left” and incorporate security early on and throughout the development lifecycle. 
  • Identify vulnerabilities in code through automated and manual assessments and promote quick remediation. 
  • Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging. 
  • Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds.   
  • Regularly research and learn new tactics, techniques, and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline. 
  • Enrich DevOps architecture with security standards and best practices. 
  • Partner with teams to define key performance indicators (KPIs) and metrics across business units.

Requirements

  • Expected to hold one or more security certifications relevant to the position, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Computer Security Incident Handler (CSIH), Certified Information Security Manager (CISM).
  • AWS or Azure Architect or Security certifications. 
