Application Security Manager

Marchon Partners

Quincy, MA

JOB DETAILS
SALARY
$58–$66 Per Hour
SKILLS
Amazon Web Services (AWS), Analysis Skills, Applications Security, Auditing, Automation, Best Practices, CCSP - Cisco Certified Security Professional, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Science, Computer Security, Cross-Functional, Data Management, Detail Oriented, Documentation, Enterprise Protection, Environmental Issues, Federal Information Processing Standards (FIPS), HIPAA (Health Insurance Portability and Accountability Act), Identify Issues, Industry Standards, Information Technology & Information Systems, Interpersonal Skills, Leadership, Maintain Compliance, Management Strategy, On Call, Operations Management, Penetration Testing, Presentation/Verbal Skills, Process Improvement, Production Systems, Protective Services, Quality Assurance, Quality Assurance Methodology, Regulations, Regulatory Compliance, Requirements Management, Risk Analysis, Risk Management, Security Auditing, Security Compliance, Security Information and Event Management (SIEM), Security Infrastructure, Security Monitoring, Software Migration, Software Testing, Systems Administration/Management, Systems Maintenance, Team Player, Technical Leadership, Test Requirements, Test Tools, Time Management, U.S. National Institute of Standards and Technology (NIST), Writing Skills
LOCATION
Quincy, MA
POSTED
3 days ago

Application Security Admin/Manager
6+ month contract
Hybrid on-site in South Shore area - Must be local to MA or RI
$58-66/hour, W2 only, dependent on experience
**no c2c or c2c referral**

Job Summary

We are seeking an experienced Application Security Manager responsible for ensuring the security of enterprise infrastructure, networks, data, and applications. This role will lead the implementation of security best practices, compliance frameworks, vulnerability management processes, and governance standards across complex environments.

The ideal candidate will have strong experience with security operations, compliance management, application security testing, infrastructure auditing, and risk mitigation in enterprise environments.

Key Responsibilities

  • Implement and manage enterprise Data Security Management and Operations models.
  • Establish and maintain security compliance standards including, but not limited to:
    • NIST
    • FIPS
    • FedRAMP
    • HIPAA
    • HITRUST
    • GDPR
  • Collaborate with internal privacy, compliance, infrastructure, QA, and application teams to ensure adherence to organizational security standards.
  • Coordinate with auditors and stakeholders to provide compliance documentation and implement remediation efforts as needed.
  • Implement processes and tools for application vulnerability testing including SAST and DAST.
  • Establish and manage enterprise vulnerability management programs, including:
    • Penetration testing coordination
    • Vulnerability remediation tracking
    • Security compliance reporting
  • Define penetration testing requirements and coordinate with third-party vendors as necessary.
  • Support infrastructure audits and security reporting activities.
  • Maintain system integrity and security using industry-standard IT controls and best practices.
  • Implement automation for systems administration and software migration processes across QA and production environments.
  • Provide architecture and configuration recommendations to ensure secure and compliant hosted/deployed environments.
  • Evaluate, recommend, and support security and audit tools.
  • Troubleshoot security and infrastructure issues across environments and collaborate with cross-functional teams for timely resolution.
  • Provide technical guidance and security recommendations to internal teams and stakeholders.
  • Support 24x7 production operations and participate in on-call rotations as required.
  • Deliver security and compliance training to technical teams.
  • Drive continuous process improvement initiatives related to security operations and compliance.

Required Skills & Experience

  • Strong experience with regulatory and security frameworks including:
    • HIPAA
    • HITRUST
    • GDPR
    • NIST
    • FedRAMP
  • Proven experience designing and implementing security controls across complex enterprise environments.
  • Strong understanding of application security, infrastructure security, and risk management.
  • Experience with vulnerability management, penetration testing, and remediation processes.
  • Ability to identify security risks and provide practical remediation recommendations.
  • Strong analytical, troubleshooting, and critical thinking skills.
  • Excellent verbal, written, and interpersonal communication skills.
  • Ability to communicate technical risks effectively to leadership and non-technical stakeholders.
  • Detail-oriented with strong collaboration and teamwork abilities.
  • Ability to work flexible hours including evenings/weekends when required.

Qualifications

  • 10+ years of IT experience, including 5+ years in a Security Manager, Security Officer, or related leadership role.
  • Bachelor’s degree in Information Technology, Computer Science, or related field (or equivalent experience).
  • Preferred certifications:
    • CISSP
    • CISA
    • CISM
    • CCSP
  • Preferred experience with AWS security and compliance services.

Preferred Technologies / Areas

  • Application Security (SAST/DAST)
  • Vulnerability Management Platforms
  • Penetration Testing Coordination
  • Cloud Security (AWS preferred)
  • Security Automation
  • Compliance & Governance Frameworks
  • Infrastructure Security Auditing

About the Company

Marchon Partners