• Leads a team of application security engineers that evangelizes application security across Beyond and promotes the importance of integrating security into the development and deployment process.
• Designs and develops security features for applications and integrates security features and updates into existing digital assets and ensures that the security of all applications is maintained throughout their lifecycle.
• Recommends application security controls and resolves integration and testing issues associated with those controls.
• Builds a standardized set of security application requirements and metrics to report performance against those requirements.
• Collaborates with CI/CD and DevOps teams to integrate SAST, SCA, DAST, cloud, and container security scanning tools into deployment pipelines and processes.
• Migrates security considerations to an earlier stage of the development lifecycle to reduce both the cost and impact of discovered vulnerabilities.
• Collaborates with teams responsible for managing cloud instances to integrate security tooling into workloads deployed in cloud environments.
• Reviews results from automated SAST, DAST, and SCA scans as well as externally reported vulnerabilities and collaborates with Development and operational teams to implement technical solutions for improving secure coding practices and deployment pipelines.
• Builds and delivers security education programs that will improve Developers understanding of security concepts.
• Collaborates with the Security Operations team to build automation into the deployment, maintenance, and tuning of detective and preventative security controls across the environment.
• Collaborates with the Director of Cybersecurity and the Application Security team to design and run quarterly Security Champions meetings and works with senior members of development to coordinate Security Champions events.
• Performs other job-related duties as assigned.

Required Skills and Experience:

• Conducting application security reviews (which include architecture reviews, threat modeling, code reviews and security testing)
• Experience with static code analysis, dynamic code analysis, and software composition analysis.
• Experience serving as application security advisor to external teams and comfortable interfacing with development teams.
• Write and contribute to project plans, author engineering level documentation, and develop detailed test plans.
• Experience generating and delivering performance metrics pertinent to the Application Security program.
• Creating, updating, and maintaining threat models for a variety of projects.
• Experience conducting manual and automated secure code review.
• Experience managing a vulnerability disclosure and bug bounty program.
• Build prototypes and help identify, design, and test security improvements.
• Development experience in Python and/or Java and associated package managers, resolving software supply chain vulnerabilities.
• Experience hiring and leading diverse teams.

Preferred Skills and Experience:

• Application Security Scanning: SAST, DAST, SCA
• Containerization and CI/CD Toolsets
• Public Cloud Security: AWS, GCP, Azure, Oracle Cloud
• Web Application Security: Web Application Firewalls (WAF), Runtime Application Self-Protection (RASP), Bot Identification and Prevention
• Languages: Java, python, node.js and/or other popular languages

Education/Licensing/Certifications:

• Graduation from an accredited institution with a Bachelor’s degree in Engineering, Information Systems, Computer Science or a related field or any combination of education and/or experience.
• OSCP
• SANS/GIAC (GWAPT, GSEC, GCIH, GCIA, etc.)
• Public Cloud DevOps certifications
• CEH
• Relevant coding certifications

The Application Security Manager serves as an advisory expert to the development organization as it relates to secure coding and application security methodologies. The manager drives the execution and delivery of the team’s projects. The manager works with senior security leadership to establish key strategic initiatives and executes against the plan. The manager grows the Application Security team's capabilities and coaches the technical development of Application Security Engineers. The manager partners with developer team leaders to advance secure coding principles.

Base Pay Range:

$150,000 - $185,000 per year

What We Offer:

• 401k (6% match)
• Flexible Schedules
• Onsite Health Clinic
• Tuition Reimbursement, Leadership Development Program, & Mentorship Program
• Onsite Fitness Center
• Employee Resource Groups (LatinX, Black Employee Network, LGBTQIA+, Women’s Network, Women In Tech)
• And More…

Benefits vary based on position, tenure, location, and employee election

Physical Requirements:

This position requires you to sit, stand and perform general office functions. You may also be required to lift up to 25 pounds occasionally. Bending, stooping and reaching are also frequently required.

Equal Employment Opportunity:

It is our policy to provide equal employment opportunity for all applicants and associates.  This policy includes our commitment to ensure that all employment decisions are made without regard to race, color, religion, gender, national origin, disability, pregnancy, veteran status (including Vietnam era veterans), age, sexual orientation, gender identity, or any other non-job-related characteristic protected by law.