Apply on Employer Site

Bonterra · 14 hours ago

Manager, Application Security Team

United States

Full-time

Remote

Mid, Senior Level

$134K/yr - $180K/yr

Bonterra is a company focused on increasing the giving rate in the social good sector. They are seeking a hands-on security engineering leader to build and lead their application security team, responsible for managing vulnerabilities and ensuring secure coding practices across multiple products.

Information TechnologySoftware

No H1B

Responsibilities

Manage a team of 3-5 security engineers focused on vulnerability remediation across multiple products

Triage and prioritize security findings from our scanning and penetration testing teams

Own the end-to-end process from vulnerability identification to verified fix

Build relationships with product engineering teams to coordinate remediation work without disrupting roadmaps

Personally fix complex security vulnerabilities across different codebases and tech stacks

Design and build secure libraries and components that product teams can adopt

Conduct security-focused code reviews and establish secure coding patterns

Define and maintain secure coding standards for AI-assisted development, addressing risks specific to LLM-generated code

Develop remediation playbooks for common vulnerability classes

Partner with the security scanning team to improve detection accuracy and reduce false positives

Establish metrics to track remediation velocity, fix quality, and regression rates

Drive security awareness through documentation and training

Ensure remediation work meets requirements for SOC2, PCI, and other applicable frameworks

Provide evidence and documentation for audits and compliance reviews

Help translate compliance requirements into actionable engineering work

Qualification

Application SecuritySecure Software DevelopmentSecurity Design PrinciplesAI Coding ToolsSecurity Scanning ToolsPenetration TestingCompliance FrameworksVulnerability RemediationMentoring SkillsCommunication SkillsCollaboration Skills

Required

Expert-level proficiency with AI coding tools (Copilot, Claude, Cursor, agentic workflows), you ship at high velocity and drive your team to do the same

Strong background in application security, secure software development, and security design principles

Experience with common security scanning tools (SAST, DAST, SCA) and understanding their limitations

Background in penetration testing or red team work

Familiarity with compliance frameworks (SOC2, PCI-DSS, HIPAA)

Contributions to security open source projects or published security research

Degree in computer science, cybersecurity, or related field with security focus

Proven ability to find and fix vulnerabilities across multiple languages and frameworks

Comfortable context-switching between hands-on coding and people management

Track record of mentoring and developing security engineers

Ability to communicate security risks and trade-offs to both technical and non-technical audiences

Experience prioritizing competing demands from multiple stakeholders

Collaborative approach - build bridges with product teams and other functions