×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant

Application Security Manager

Job in Guildford, Surrey County, GU1, England, UK
Listing for: Unily
Full Time position
Listed on 2025-10-29
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Job Description & How to Apply Below

Unily partners with the world’s largest and most complex enterprises to power Organizational Velocity through digital Employee Experience transformation. Iconic brands, including Estée Lauder Companies, CVS Health, and British Airways, use Unily’s market-leading Employee Experience platform to improve productivity, streamline communication, and foster a highly connected workplace.

Unily is the only triple leader recognized by all three of the major analysts. Unily is recognized as a Leader in the 2024 Gartner®Magic Quadrant™for Intranet Packaged Solutions, the 2024 Forrester Wave™:
Intranet Platforms, and the IDC Market Scape:
Worldwide Experience-Centric Intelligent Digital Work spaces 2024. With these accolades, we continue to grow and expand our employee community with people who are passionate about joining us on this exciting journey.

Job Purpose

As we continue to expand our market share in the rapidly emerging Employee Experience platform category, we are looking for an Application Security Manager. This role is responsible for building and executing a comprehensive application security programme that combines strategic oversight with hands-on technical execution. The Application Security Manager ensures that security is embedded throughout the software development lifecycle (SDLC), enabling Unily to deliver secure products at speed.

The Application Security Manager will define and enforce secure development policies and practices, establish privacy by design principles, and mange the risk and escalation process. They will actively engage in technical assurance activities such as threat modelling, application testing, dependency analysis, cloud and container security assessments and CI/CD pipeline hardening.

The role will act as both a strategic partner to leadership and a trusted advisor to engineering teams, being a customer facing point of contact when required.

Main Responsibilities
  • Define and maintain secure development policies and privacy by design requirements
  • Own the risk acceptance and escalation process, maintaining the risk register
  • Develop and measure the application security strategy levering frameworks such as OWASP SAMM
  • Support RFPs and sales responses on application security matters
  • Lead and coordinate external penetration testing engagements and remediation follow up
  • Drive risk-based prioritisation, assigning and validating CVSS scores
  • Deliver and manager secure development training programs
  • Conduct and facilitate threat modelling and architecture and design security reviews
  • Perform or coordinate application security testing
  • Generate and manage software bills of materials (SBOMs) to manage supply chain risks
  • Ensure build verification and oversee IaC and container/Kubernetes scanning within pipelines
  • Provide guidance on secure cloud-native architectures
  • Evaluate and apply security testing tools and techniques (e.g. Burpsuite, fuzzing, IaC scanners, Static Analysers)
  • Contribute to security metrics, reports and dashboards
  • Collaborate with engineering, operations and product teams to embed security best practices throughout the whole SDLC
Requirements
  • Proven experience in application security
  • Strong knowledge of secure software development practices, Dev Sec Ops  and CI/CD security integration
  • Hands on experience with application security testing tools and techniques (e.g. SAST, DAST, Dependency checkers, IaC scanners, secret detection, container security tools)
  • Understanding of threat modelling, architecture and design reviews and offensive security principles
  • Familiarity with compliance and regulatory frameworks
  • Experience with risk acceptance processes, CVSS scoring and vulnerability management
  • Experience managing external penetration testing vendors
  • Familiarity with SBOMs and software supply chain security
  • Strong background in cloud and container security
  • Ability to communicate with technical and non-technical stakeholders
  • Knowledge of data privacy regulations and GDPR, and how they intersect with application security
  • Certifications such as CISSP, CSSLP, OSWE, OSCP or equivalents
  • Degree in computer science, cyber security, related fields or equivalent experience

We are united by a shared purpose and…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search