Manager of Application Security
Job Title: Manager of Application Security
Why TrueML? TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real-time in response to their interactions. The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics who are building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavors to ensure nobody gets locked out of the financial system.
Your Role
We are seeking a talented and motivated Manager of Application Security to lead and manage our application security program. This role is critical in protecting our platform, customer data, and internal systems from evolving cyber threats. The ideal candidate will have a strong background in app security architecture, risk management, compliance, and team leadership within a fast-paced technology environment. The ideal candidate will have excellent communication skills and the ability to collaborate effectively with cross-functional teams.
Key Responsibilities
Strategy and Leadership: Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices. Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization. Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics. Evaluate and recommend new application security technologies and tools to enhance the organization's security posture.
Appication Security Operations and Architecture: Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management. Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints. Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues.
Risk and Compliance: Maintain an application security risk management framework, identifying, analyzing, and treating risks. Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR). Maintain and enforce application security policies, standards, and procedures. Liaise and coordinate internal and external security audits.
Incident Response: Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery. Conduct post-incident reviews to identify root causes and implement preventative measures.
Team Leadership: Manage, mentor, and develop the application security team. Assist in managing the security budget and resources effectively. Work with team members to define what success looks like, sets goals, defines metrics and tracks progress.
Qualifications
Education: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company.
Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless).
Strong knowledge of, vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, incident response, application security, and data protection technologies.
Proven experience developing and managing an enterprise-level information security program.
Relevant security certifications such as CISSP, CISM, or CISA.
Technical Skills: • Familiarity with common exploitation techniques, attack vectors, and defensive strategies.• Experience with SIEM tools, vulnerability scanners, penetration testing and threat model methodologies.• Understanding of generative AI and its usage within security and engineering as well as best practices.• Identity Management and Cloud Security.
Soft Skills: • Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences. • Strong leadership, organizational, and project management abilities.• Excellent problem-solving and decision-making skills.
Must be authorized to work in the US without sponsorship. SPONSORSHIP IS NOT AVAILABLE.
$150,000 - $190,000 a year
About the job
Apply for this position
Manager of Application Security
Job Title: Manager of Application Security
Why TrueML? TrueML is a mission-driven financial software company that aims to create better customer experiences for distressed borrowers. Consumers today want personal, digital-first experiences that align with their lifestyles, especially when managing finances. TrueML’s approach uses machine learning to engage each customer digitally and adjust strategies in real-time in response to their interactions. The TrueML team includes inspired data scientists, financial services industry experts, and customer experience fanatics who are building technology to serve people in a way that recognizes their unique needs and preferences as human beings and endeavors to ensure nobody gets locked out of the financial system.
Your Role
We are seeking a talented and motivated Manager of Application Security to lead and manage our application security program. This role is critical in protecting our platform, customer data, and internal systems from evolving cyber threats. The ideal candidate will have a strong background in app security architecture, risk management, compliance, and team leadership within a fast-paced technology environment. The ideal candidate will have excellent communication skills and the ability to collaborate effectively with cross-functional teams.
Key Responsibilities
Strategy and Leadership: Develop, implement, and maintain a comprehensive application security strategy aligned with business objectives and industry best practices. Lead and mentor the app security team, fostering a culture of security awareness and continuous improvement across the organization. Report to leadership on the status of the application security program, including risk posture, incidents, and performance metrics. Evaluate and recommend new application security technologies and tools to enhance the organization's security posture.
Appication Security Operations and Architecture: Oversee the day-to-day security operations, including monitoring, threat detection, incident response, and vulnerability management. Design, implement, and manage security controls for our cloud-based SaaS platform (AWS), corporate network, and endpoints. Conduct regular application security assessments, penetration tests, and vulnerability scans, and manage the remediation of identified issues.
Risk and Compliance: Maintain an application security risk management framework, identifying, analyzing, and treating risks. Ensure compliance with relevant regulatory requirements and industry standards (e.g., ISO 27001, NIST, PCI DSS, GDPR). Maintain and enforce application security policies, standards, and procedures. Liaise and coordinate internal and external security audits.
Incident Response: Lead the security incident response team, managing all phases of the incident lifecycle from detection and containment to eradication and recovery. Conduct post-incident reviews to identify root causes and implement preventative measures.
Team Leadership: Manage, mentor, and develop the application security team. Assist in managing the security budget and resources effectively. Work with team members to define what success looks like, sets goals, defines metrics and tracks progress.
Qualifications
Education: Bachelor's degree in Computer Science, Information Security, or a related field; or equivalent practical experience.
5+ years of experience in application security, with at least 2+ years in a management or leadership role, preferably at a SaaS company.
Proven experience designing and securing cloud-native environments (e.g., microservices, containers, serverless).
Strong knowledge of, vulnerability analysis, network security, infrastructure security, identity and access management, logging and monitoring, incident response, application security, and data protection technologies.
Proven experience developing and managing an enterprise-level information security program.
Relevant security certifications such as CISSP, CISM, or CISA.
Technical Skills: • Familiarity with common exploitation techniques, attack vectors, and defensive strategies.• Experience with SIEM tools, vulnerability scanners, penetration testing and threat model methodologies.• Understanding of generative AI and its usage within security and engineering as well as best practices.• Identity Management and Cloud Security.
Soft Skills: • Exceptional communication and interpersonal skills to articulate complex security concepts to technical and non-technical audiences. • Strong leadership, organizational, and project management abilities.• Excellent problem-solving and decision-making skills.
Must be authorized to work in the US without sponsorship. SPONSORSHIP IS NOT AVAILABLE.
$150,000 - $190,000 a year