About this role
Prosper is seeking a Senior Manager to lead the Application Security program and define a multi-year roadmap. This role drives secure-by-design practices across the SDLC, oversees vulnerability management and incident response, and leads third-party penetration testing strategy.
Key Responsibilities
- Define and execute a multi-year Application Security roadmap
- Integrate threat modeling and application security tools into the SDLC via CI/CD pipelines
- Oversee end-to-end AppSec vulnerability lifecycle (identification, prioritization, remediation)
- Direct incident response for application security alerts/incidents
- Lead strategy for third-party penetration tests and report metrics to executives
Technical Overview
You will integrate threat modeling and application security tooling (SAST, SCA, DAST, IAST, RASP) into CI/CD pipelines, and perform security architecture reviews for major product changes. The role emphasizes cloud-native security and container security in GCP, alongside end-to-end vulnerability lifecycle ownership and application security reporting metrics.
Ideal Candidate
The ideal candidate is an Application Security Senior Manager with 10+ years of progressive application security experience and 3+ years of people leadership experience. They have deep technical expertise embedding security into the SDLC using CI/CD pipelines and tools like SAST, SCA, DAST, IAST, and RASP, and they can lead vulnerability lifecycle management and incident response. They also have strong cloud-native security experience with Google Cloud Platform (GCP) and container security.
Must-Have Skills
- 10+ years of progressive application security experience (prior software development experience preferred)
- Prior people leadership experience (3+ years) with the ability to lead, manage, and develop a technical Application Security Engineering team
- Deep technical knowledge with a track record of successful execution in application security (secure SDLC, penetration testing, and security tooling (SAST, DAST, IAST, RASP, SCA))
- Strong knowledge of CI/CD pipelines, cloud-native security (GCP), and container security
- Bachelor's degree in Computer Science or a related field, or its equivalent in work experience
- Strong working knowledge of at least two programming or scripting languages
Nice-to-Have Skills
- Prior software development experience preferred
Tools & Platforms
- GCP (Google Cloud Platform)
Required Skills
Application Security program leadership, multi-year Application Security roadmap, threat modeling, security tools & testing, SAST, SCA, DAST, IAST, RASP, secure by design, SDLC, CI/CD pipeline, architecture reviews, vulnerability lifecycle, identification, prioritization, remediation, exploitability, threat intelligence, incident response, penetration tests, executive dashboards and reports, team leadership and mentoring, security champions program, continuous improvement, cloud-native security (GCP), container security, programming or scripting languages
Hard Skills
Application Security, threat modeling, security tools & testing, SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), RASP (Runtime Application Self-Protection), secure by design, SDLC, CI/CD pipeline, Architecture Reviews, vulnerability lifecycle, prioritization, remediation, exploitability, threat intelligence, incident response, penetration tests, executive-level dashboards, reporting, metrics, cloud-native security, GCP (Google Cloud Platform), container security, program leadership, secure SDLC, security tooling, penetration testing, security champions program, program roadmap, multi-year Application Security roadmap, program optimization
Soft Skills
Leadership, mentoring, fostering constructive dialogue, influence technology and product teams, team management, collaboration, continuous improvement, executive communication, executive-level reporting
Keywords for Your Resume
Sr. Manager, Application Security, Application Security Senior Manager, application security program, multi-year Application Security roadmap, secure by design, secure SDLC, SDLC, CI/CD pipeline, CI CD, threat modeling, SAST (Static Application Security Testing), SCA (Software Composition Analysis), DAST (Dynamic Application Security Testing), IAST (Interactive Application Security Testing), RASP (Runtime Application Self-Protection), Architecture Reviews, vulnerability lifecycle, remediation, incident response, penetration tests, cloud-native security, GCP (Google Cloud Platform), container security, security champions program, executive-level dashboards, reporting and metrics, team leadership, mentoring
Deal Breakers
- 10+ years of progressive application security experience
- 3+ years of people leadership experience
- Strong knowledge of CI/CD pipelines, cloud-native security (GCP), and container security
- Bachelor's degree in Computer Science or a related field, or its equivalent in work experience