Senior Manager, Application Security; Remote
Santa Ana, Orange County, California, 92725, USA
Listed on 2026-06-22
-
IT/Tech
Cybersecurity
Job Summary
First American is seeking a Senior Manager, Application Security to grow our team. This role requires strong security engineering expertise combined with people leadership to build and scale enterprise application security programs. Remote or hybrid candidates are welcome.
Responsibilities- Define, build, and evolve the enterprise Application Security (App Sec) strategy and roadmap aligned to business priorities and risk posture.
- Own and scale the App Sec program, including secure SDLC standards, policies, and governance across all applications and platforms.
- Partner with engineering and platform teams to integrate security into CI/CD pipelines, tooling, and developer workflows.
- Drive threat modeling, security architecture reviews, and vulnerability management to identify and mitigate application-layer risks.
- Evaluate, implement, and optimize App Sec tooling (SAST, DAST, SCA, API security, container security) and automate security processes at scale.
- Build, mentor, and lead a high‑performing team of application security engineers and specialists.
- Collaborate with Engineering, Product, Cloud, Infrastructure, and GRC teams to embed security into product design and delivery.
- Establish and track key security metrics to measure program effectiveness and communicate risk posture to leadership.
- Ensure applications meet security, regulatory, and audit requirements while supporting internal and external assessments.
- Promote a developer‑centric security culture through education, training, and security best practice adoption.
- 8+ years of experience in application security, security engineering, or related cybersecurity roles.
- 3+ years of experience leading or managing teams in a security or engineering organization.
- Strong expertise in secure application development, including secure coding, threat modeling, and SDLC integration.
- Deep understanding of modern application architectures (microservices, APIs, cloud‑native, distributed systems).
- Experience implementing Dev Sec Ops practices and integrating security into CI/CD pipelines.
- Hands‑on experience with application security tools (SAST, DAST, SCA, container security, API security).
- Demonstrated ability to assess and prioritize risk, and drive remediation across engineering teams.
- Strong cross‑functional communication and stakeholder management skills.
- Proven ability to influence engineering teams and drive adoption of security practices.
- Bachelor's degree in computer science, Information Security, or related field (or equivalent experience).
- Operating in a regulated environment (financial services, fintech, or similar).
- Experience with cloud platforms (AWS, Azure, or GCP) and cloud security best practices.
- Experience with Zero‑Trust architecture and modern identity/security models.
Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County.
First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).
First American intends to conduct a review of an applicant's criminal history in connection with a conditional offer. The company reasonably believes that a criminal history may have a direct adverse effect on material job duties such as handling confidential information, administering financial transactions, and meeting customer‑imposed criminal history requirements, which may lead to withdrawal of a conditional offer.
First American is an equal opportunity employer in every sense of the term.
BenefitsBased on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401(k), PTO/paid sick leave, and an employee stock purchase plan.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).