Manager, Application Security

Job Description:
• Lead and Mentor a High-Performing Team: Hire, develop, and retain top engineering talent. Foster a culture of technical excellence and ownership while providing coaching, career guidance, and performance management for your direct reports.
• Champion "Shift-Left" Security: Partner with development teams to embed security into the CI/CD process. Advocate for and operationalize automated security tooling (SAST, DAST, SCA) to provide developers with fast, actionable feedback.
• Manage External Security Assessments: Oversee the strategy and operations for both the Responsible Disclosure program and third-party penetration testing.

You will handle scoping, vendor management, triage, and the facilitation of remediation with internal engineering teams.
• Advise on Customer-Facing Security Features: Collaborate with Product and Engineering teams to provide technical feedback and security requirements for customer-facing features (e.g., encryption controls, audit logging, identity management). You will ensure we are building product capabilities that solve security challenges for our customers.
• Execute the Security Roadmap: Collaborate with leadership to implement the strategy for security infrastructure and automation. Ensure your team’s work aligns with business objectives and effectively reduces risk.
• Drive Security Automation: Prioritize the engineering of automated solutions for threat detection and vulnerability management.

Ensure your team builds tools that allow us to respond to threats at machine speed.
• Enable Incident Response & Compliance: Oversee the team's participation in incident response activities and ensure technical controls support continuous compliance with frameworks such as FedRAMP, SOC 2, and ISO 27001.

Requirements:
• 7+ years of progressive experience in technology, with at least 1-2 years in a management or team lead role for a technical team (AppSec, DevSecOps, or Site Reliability Engineering).
• Technical Background: A BS/MS in Computer Science or equivalent experience, with a strong background in scripting/programming (Python, Go, or Java) and agile development.
• AppSec & Cloud Expertise: Experience with modern application security toolchains (SAST, DAST), vulnerability management, and cloud environments (preferably AWS).
• Framework Knowledge: Familiarity with application security requirements for regulated markets (e.g., FedRAMP, HIPAA, SOC2).
• Collaboration Skills: Proven ability to build partnerships between engineering/development and security teams, influencing them to adopt best practices.
• Communication Skills: Demonstrates the ability to communicate clearly and effectively, both in writing and verbally, with technical and non-technical stakeholders.
• Planning and Execution: Ability to translate strategy into actionable plans, manage timelines, and ensure reliable execution.
• Decision-Making and Judgment: Ability to make timely, well-reasoned decisions with incomplete information, balancing security risk, business impact, and delivery timelines.

Benefits:
• HSA, 100% employer-paid premiums, or Buy-up medical/vision and dental coverage options for full-time employees
• 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay)
• Monthly stipend to support your work and productivity
• Flexible Time Away Program, plus Sick Time Off
• US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans
• US employees receive 12 paid holidays per year
• Up to 24 weeks of Parental Leave
• Personal paid Volunteer Day to support our community
• Opportunities for professional growth and development including access to Udemy online courses
• Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account
• Teleworking options from any registered location in the U.S. (role specific)

Apply tot his job