
Senior Manager, Application Security

Job in New York, New York County, New York, 10261, USA
Listing for: Simpson Thacher & Bartlett LLP
Full Time position
Listed on 2026-06-06
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager, Cloud Computing, Systems Engineer
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below
Location: New York

Job Summary

The Senior Manager, Application Security is responsible for defining, leading, and operationalizing the firm’s application security program across internally developed applications, SaaS platforms, APIs, databases, generative AI platforms, and emerging application architectures. This role partners closely with application engineering, cloud, and platform teams to embed security into the software development lifecycle while enabling teams to deliver securely at scale.

Job Duties & Responsibilities
  • Develop, execute, and continuously mature the enterprise application security strategy in alignment with industry best practices, regulatory requirements, and client contractual obligations.
  • Define and maintain secure application development standards for internally developed software, third-party applications, APIs, SaaS platforms and containerized workloads.
  • Establish minimum security requirements for application authentication, authorization, encryption, secrets handling, and data protection.
  • Define, maintain, and enforce secure SDLC and DevSecOps standards across all development teams.
  • Integrate application security controls into CI/CD pipelines, developer platforms, and engineering workflows with a focus on automation and scalability.
  • Partner with Application Engineering and DevOps teams to embed automated security testing and preventive controls while maintaining security ownership of policy and enforcement.
  • Evaluate, select, implement, and manage the full lifecycle of application security tooling including:
    • SAST, DAST, SCA, and API security testing platforms
    • Container image scanning and registry security tooling
    • Kubernetes security and runtime protection solutions
    • Software supply chain security tooling
  • Design and implement integrations between application security tooling and developer workflows to minimize friction and maximize adoption.
  • Design and build automation to support application security processes including:
    • Orchestrated automated security testing
    • Vulnerability triage and prioritization workflows
    • Developer feedback loops and ticketing system integrations
    • Exception handling, risk acceptance, and policy waiver workflows
    • Security metrics and pipeline telemetry
  • Identify and assess application security risks including vulnerable dependencies, insecure authentication patterns, data exposure risks, and insecure configuration.
  • Perform and support threat modeling, architecture reviews, and secure design assessments for high-risk or business-critical applications.
  • Support the security review, onboarding, and ongoing risk management of third-party and SaaS applications.
  • Develop and maintain metrics, dashboards, and reporting to measure application security posture, testing coverage, and vulnerability remediation effectiveness.
  • Provide application security subject matter expertise during security incidents, investigations, and post-incident remediation efforts.
  • Lead, mentor, and develop a team of application security engineers, fostering strong technical depth and career growth.
  • Partner with engineering leadership to drive secure-by-design development practices and shared accountability for risk reduction.
  • Communicate application security risks, tradeoffs, and recommendations clearly to both technical and executive stakeholders.
  • Promote a developer-friendly security culture focused on automation, guardrails, measurable risk reduction, and engineering velocity.
  • Stay current on emerging application threats, attack techniques, and defensive technologies, and apply this knowledge to continuously improve program effectiveness.
Education

Required

  • Bachelor’s degree in information security, IT, risk management, related discipline, or equivalent experience

Preferred

  • Professional certifications such as CISSP, CISM, or similar
Skills And Experience
  • 10+ years of progressive experience in application security, product security, or software security engineering roles
  • Hands-on experience securing modern application ecosystems, including web applications, APIs, microservices, cloud-native workloads, and container and Kubernetes platforms
  • Demonstrated success building, scaling, and operating enterprise-grade Application Security…
Position Requirements
10+ Years work experience