TrueML
TrueML is a fintech company building software to create positive experiences for consumers seeking financial health.
Application Security Manager
Location
United States
Posted
80 days ago
Salary
$150K - $190K / year
Bachelor Degree, 5 yrs exp, English, AWS, Cloud, Microservices
Job Description
• Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices.
• Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization.
• Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics.
• Evaluate and recommend new application security technologies and tools to enhance the organization's security posture.
• Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management.
• Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints.
• Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues.
• Maintain an application security risk management framework, identifying, analyzing, and treating risks.
• Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR).
• Maintain and enforce application security policies, standards, and procedures.
• Liaise and coordinate internal and external security audits.
• Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery.
• Conduct post-incident reviews to identify root causes and implement preventative measures.
• Manage, mentor, and develop the application security team.
Job Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
- 5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company.
- Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless).
- Strong knowledge of vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, incident response, application security, and data protection technologies.
- Proven experience developing and managing an enterprise-level information security program.
- Relevant security certifications such as CISSP, CISM, or CISA.
- Familiarity with common exploitation techniques, attack vectors, and defensive strategies.
- Experience with SIEM tools, vulnerability scanners, penetration testing, and threat modeling methodologies.
- Understanding of generative AI and its usage within security and engineering as well as best practices.
- Identity Management and Cloud Security.
- Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences.
- Strong leadership, organizational, and project management abilities.
- Excellent problem-solving and decision-making skills.