Manager, Application Security
Job Description: β’ Lead and Mentor a High-Performing Team: Hire, develop, and retain top engineering talent. Foster a culture of technical excellence and ownership while providing coaching, career guidance, and performance management for your direct reports. β’ Champion "Shift-Left" Security: Partner with development teams to embed security into the CI/CD process. Advocate for and operationalize automated security tooling (SAST, DAST, SCA) to provide developers with fast, actionable feedback. β’ Manage External Security Assessments: Oversee the strategy and operations for both the Responsible Disclosure program and third-party penetration testing. You will handle scoping, vendor management, triage, and the facilitation of remediation with internal engineering teams. β’ Advise on Customer-Facing Security Features: Collaborate with Product and Engineering teams to provide technical feedback and security requirements for customer-facing features (e.g., encryption controls, audit logging, identity management). You will ensure we are building product capabilities that solve security challenges for our customers. β’ Execute the Security Roadmap: Collaborate with leadership to implement the strategy for security infrastructure and automation. Ensure your teamβs work aligns with business objectives and effectively reduces risk. β’ Drive Security Automation: Prioritize the engineering of automated solutions for threat detection and vulnerability management. Ensure your team builds tools that allow us to respond to threats at machine speed. β’ Enable Incident Response & Compliance: Oversee the team's participation in incident response activities and ensure technical controls support continuous compliance with frameworks such as FedRAMP, SOC 2, and ISO 27001. Requirements: β’ 7+ years of progressive experience in technology, with at least 1-2 years in a management or team lead role for a technical team (AppSec, DevSecOps, or Site Reliability Engineering). β’ Technical Background: A BS/MS in Computer Science or equivalent experience, with a strong background in scripting/programming (Python, Go, or Java) and agile development. β’ AppSec & Cloud Expertise: Experience with modern application security toolchains (SAST, DAST), vulnerability management, and cloud environments (preferably AWS). β’ Framework Knowledge: Familiarity with application security requirements for regulated markets (e.g., FedRAMP, HIPAA, SOC2). β’ Collaboration Skills: Proven ability to build partnerships between engineering/development and security teams, influencing them to adopt best practices. β’ Communication Skills: Demonstrates the ability to communicate clearly and effectively, both in writing and verbally, with technical and non-technical stakeholders. β’ Planning and Execution: Ability to translate strategy into actionable plans, manage timelines, and ensure reliable execution. β’ Decision-Making and Judgment: Ability to make timely, well-reasoned decisions with incomplete information, balancing security risk, business impact, and delivery timelines. Benefits: β’ HSA, 100% employer-paid premiums, or Buy-up medical/vision and dental coverage options for full-time employees β’ 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay) β’ Monthly stipend to support your work and productivity β’ Flexible Time Away Program, plus Sick Time Off β’ US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans β’ US employees receive 12 paid holidays per year β’ Up to 24 weeks of Parental Leave β’ Personal paid Volunteer Day to support our community β’ Opportunities for professional growth and development including access to Udemy online courses β’ Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account β’ Teleworking options from any registered location in the U.S. (role specific) Apply tot his job