Senior Software Engineering Manager : Security

Capcircle Management Consultants

Gauteng

Hybrid

ZAR 850 000 - 1 200 000

Full time

Today

Job summary

A leading consulting firm based in Gauteng seeks a Senior Software Engineering Manager: Security to embed security engineering practices across platforms and applications. This role requires deep technical expertise in cybersecurity and leadership skills. Candidates should have a Bachelor's degree in a related field and at least 5 years of experience in a leadership capacity, preferably within regulated industries. The position offers a hybrid work model.

Qualifications

  • At least 5+ years of experience in software/security engineering and leadership roles.
  • Proven experience embedding application security across large engineering teams.
  • Background in regulated industries like banking or healthcare is preferred.

Responsibilities

  • Define and drive the software security engineering strategy and practices.
  • Lead and mentor security engineers and DevSecOps specialists.
  • Ensure compliance with regulatory frameworks regarding software engineering.

Skills

Leadership and coaching skills
Application security engineering
Cloud security engineering
Knowledge of cybersecurity frameworks
Stakeholder management

Education

Bachelor's degree in Computer Science, Software Engineering, Cybersecurity
Postgraduate qualification (MSc in Cybersecurity / IT, MBA)

Tools

AWS Security Specialty
Azure Security Specialty
GCP Security Specialty
GIAC
Kubernetes Security Specialist

Job description

NOT FOR FIRST TIME JOB SEEKERS

HYBRID MODEL: OFFICE AND HOME (OFFICE - ROODEPOORT - GAUTENG - SOUTH AFRICA)

Role Overview

The Senior Software Engineering Manager : Security is responsible for embedding security engineering practices across the enterprise's platforms, applications, and integrations.

This role ensures that security is built into every layer of software development — from architecture and design to deployment and operations.

It combines deep technical expertise in cybersecurity with leadership, governance, and engineering delivery responsibilities.

Key Responsibilities

  1. Security Strategy & Leadership: Define and drive the software security engineering strategy, ensuring alignment with enterprise security and technology roadmaps. Act as the security champion within engineering, embedding DevSecOps practices across backend, mobile, digital channels, and integrations. Partner with the CISO, enterprise security, and architecture teams to set secure-by-design principles and frameworks.
  2. Secure Software Engineering Delivery: Oversee the integration of application security testing (SAST, DAST, IAST, SCA) into CI / CD pipelines. Ensure API, backend, mobile, and digital channel platforms are secured against evolving threats. Lead initiatives for zero trust architecture, encryption, identity & access management, and secure APIs. Govern secure coding standards, threat modelling, and vulnerability management.
  3. Governance, Risk & Compliance: Ensure software engineering practices comply with regulatory frameworks (e.g., PCI DSS, POPIA, GDPR, SOC 2, ISO). Oversee risk assessments, penetration testing, and incident response readiness. Align software engineering controls with enterprise GRC (Governance, Risk & Compliance) frameworks. Implement secure observability and monitoring for proactive threat detection in engineering systems.
  4. Leadership & People Development: Lead and mentor security engineers, DevSecOps specialists, and secure coding champions. Build organizational capability in security engineering skills, tools, and practices. Foster a culture of security‑first thinking across all engineering teams. Drive training and awareness programs to ensure engineering talent remains up to date with emerging threats and tools.
  5. Stakeholder & Vendor Management: Partner with enterprise engineering managers (backend, mobile, digital, integrations) to embed security consistently. Collaborate with business, product, and compliance stakeholders to balance customer experience with security requirements. Manage relationships with security vendors, penetration testers, and regulatory auditors.

Educational Qualifications

Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or a related field (mandatory).

Postgraduate qualification (MSc in Cybersecurity / IT, MBA) – advantageous.

Professional Certifications (preferred / required):

  • Security: CISSP, CISM, or CISA.
  • Application Security: CSSLP (Certified Secure Software Lifecycle Professional).
  • Cloud Security: AWS / Azure / GCP Security Specialty.
  • DevSecOps: GIAC, Kubernetes Security Specialist, or equivalent.
  • ITIL or governance frameworks – advantageous.

Relevant Experience

  • years' experience in software / security engineering, with at least 5+ years in leadership roles.
  • Proven experience embedding application security across large engineering teams.
  • Strong track record in DevSecOps, secure CI / CD, and automation of security controls.
  • Experience securing cloud‑native, microservices, APIs, and mobile applications at enterprise scale.
  • Hands‑on expertise in threat modelling, penetration testing, vulnerability remediation, and secure architecture design.
  • Background in regulated industries (banking, fintech, telecom, or healthcare) preferred.

Core Skills & Competencies

  • Deep expertise in application and cloud security engineering.
  • Strong knowledge of cybersecurity frameworks and compliance standards.
  • Excellent leadership and coaching skills for building specialized security engineering teams.
  • Ability to balance innovation, speed, and compliance in software delivery.
  • Strong stakeholder management across executives, regulators, and technical teams.