Application Security Program Manager

| TASKS:

· Perform application security services including risk assessments, architecture reviews, and code review for internal and third-party applications · Coordinate with developers, project teams, and third-party vendors to assess and guide secure software development and integration · Provide consultative guidance during design, development, and deployment phase of new solutions · Review threat models, validate security controls, and ensure alignment with security policies · Review and interpret security testing reports and vulnerability findings, and assist with risk remediation strategies · Contribute improvements in existing AppSec process, workflows, and documentation · Participate in defining and expanding secure software development lifecycle practices across the organization · Support the development and refinement of policy and governance documents related to software security · Track and report on security metrics, status of findings, and overall risk trends · Support management of tools, resources, and schedules for security testing | MANDATORY SKILLS/EXPERIENCE Note: Candidates who do not have the mandatory skills will not be considered | · At least 8 years of hands-on experience in application security, secure software development, or security consulting · Experience conducting security reviews (code, design threat modeling, architecture) for modern applications (web, mobile, cloud-native) · Strong knowledge of secure development practices, OWASP Top 10, and relevant standards · Ability to communicate technical risks and recommendations clearly to technical and non-technical audiences · Familiarity with tools used in code analysis, vulnerability scanning, and security testing · Experience working cross-functionally with developers, engineers, and product teams | DESIRABLE SKILLS/EXPERIENCE: | · Experience working within or alongside DevOps/CI-CD environments · Familiarity with container security, API security, and cloud-native application architectures (AWS, Azure, GCP) · Experience supporting security governance or policy development · Experience with risk exception processes or helping define security risk tolerances · Experience in large, complex organizations or government/public sector environments · Experience with third-party risk assessments, vendor management, or SaaS reviews

This is a remote position.