Apply on Employer Site

TrueAccord · 2 weeks ago

Manager of Application Security

United States

Full-time

Remote

Senior Level

$150K/yr - $190K/yr

5+ years exp

TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. They are seeking a talented and motivated Manager of Application Security to lead and manage their application security program, ensuring the protection of their platform and customer data from cyber threats.

AnalyticsCRMDebt CollectionsFinanceFinancial ServicesFinTechInformation TechnologyMachine Learning

No H1B

Responsibilities

Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices

Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization

Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics

Evaluate and recommend new application security technologies and tools to enhance the organization's security posture

Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management

Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints

Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues

Maintain an application security risk management framework, identifying, analyzing, and treating risks

Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR)

Maintain and enforce application security policies, standards, and procedures

Liaise and coordinate internal and external security audits

Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery

Conduct post-incident reviews to identify root causes and implement preventative measures

Manage, mentor, and develop the application security team

Assist in managing the security budget and resources effectively

Work with team members to define what success looks like, sets goals, defines metrics and tracks progress

Qualification

Application SecurityCloud SecurityRisk ManagementTeam LeadershipVulnerability AnalysisSecurity CertificationsIncident ResponseCommunication SkillsProblem-SolvingProject Management

Required

Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience

5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company

Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless)

Strong knowledge of vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, incident response, application security, and data protection technologies

Proven experience developing and managing an enterprise-level information security program

Relevant security certifications such as CISSP, CISM, or CISA

Familiarity with common exploitation techniques, attack vectors, and defensive strategies

Experience with SIEM tools, vulnerability scanners, penetration testing and threat model methodologies

Understanding of generative AI and its usage within security and engineering as well as best practices

Identity Management and Cloud Security

Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences

Strong leadership, organizational, and project management abilities

Excellent problem-solving and decision-making skills

Must be authorized to work in the US without sponsorship