
Senior Manager, Application Security

Simpson Thacher
New York, NY · Privacy
JOB SUMMARY

The Senior Manager, Application Security is responsible for defining, leading, and operationalizing the firm’s application security program across internally developed applications, SaaS platforms, APIs, databases, generative AI platforms, and emerging application architectures. This role partners closely with application engineering, cloud, and platform teams to embed security into the software development lifecycle while enabling teams to deliver securely at scale. The ideal candidate is a highly skilled, hands-on technical leader who can translate security requirements into practical developer workflows while enabling rapid and reliable software delivery.

JOB DUTIES & RESPONSIBILITIES

Develop, execute, and continuously mature the enterprise application security strategy in alignment with industry best practices, regulatory requirements, and client contractual obligations.

Define and maintain secure application development standards for internally developed software, third-party applications, APIs, SaaS platforms and containerized workloads.

Establish minimum security requirements for application authentication, authorization, encryption, secrets handling, and data protection.

Define, maintain, and enforce secure SDLC and DevSecOps standards across all development teams.

Integrate application security controls into CI/CD pipelines, developer platforms, and engineering workflows with a focus on automation and scalability.

Partner with Application Engineering and DevOps teams to embed automated security testing and preventive controls while maintaining security ownership of policy and enforcement.

Evaluate, select, implement, and manage the full lifecycle of application security tooling including:
  - SAST, DAST, SCA, and API security testing platforms
  - Container image scanning and registry security tooling
  - Kubernetes security and runtime protection solutions
  - Software supply chain security tooling

Design and implement integrations between application security tooling and developer workflows to minimize friction and maximize adoption.

Design and build automation to support application security processes including:
  - Orchestrated automated security testing
  - Vulnerability triage and prioritization workflows
  - Developer feedback loops and ticketing system integrations
  - Exception handling, risk acceptance, and policy waiver workflows
  - Security metrics and pipeline telemetry

Identify and assess application security risks including vulnerable dependencies, insecure authentication patterns, data exposure risks, and insecure configuration.

Perform and support threat modeling, architecture reviews, and secure design assessments for high-risk or business-critical applications.

Support the security review, onboarding, and ongoing risk management of third-party and SaaS applications.

Develop and maintain metrics, dashboards, and reporting to measure application security posture, testing coverage, and vulnerability remediation effectiveness.

Provide appl