Manager Application Security

Citizens Bank

Location:
United States, Johnston

Contract Type:
Employment contract

Salary:

133000.00 - 190000.00 USD / Year

Job Description:

Manager, Application Security

Hybrid Work Arrangement

Hybrid work arrangement required with 4 days on site and 1 remote in one of our organizational hubs: Iselin, NJ; Johnston, RI; Westwood or Boston, MA.

The Manager, Application Security is responsible for leading, scaling, and maturing enterprise application security capabilities across a complex technology environment. This role owns the application security program end to end, ensuring secure software development practices are embedded into the SDLC while balancing regulatory, risk, and business requirements. As part of the cybersecurity organization, this role partners closely with engineering, platform, cloud, DevOps, and risk teams to drive measurable risk reduction without slowing delivery.

Job Responsibility:

  • Lead the enterprise application security program across web, API, and mobile platforms
  • Define and execute the application security vision, strategy, and roadmap aligned to business and risk objectives
  • Establish and enforce application security standards, secure coding practices, and control requirements
  • Partner with engineering leadership to embed security into architecture, design, and delivery decisions
  • Oversee integration of application security testing tools, including SAST, DAST, and SCA, into CI/CD pipelines
  • Lead application security assessments and risk-based remediation planning
  • Provide threat-informed guidance to engineering teams on high-risk vulnerabilities and design patterns
  • Collaborate with vulnerability management, cloud security, and infrastructure teams to drive cohesive risk reduction
  • Establish governance, metrics, and reporting to measure application security maturity and effectiveness
  • Represent application security in audit, regulatory, and risk management engagements
  • Translate technical security risks into clear, business-relevant insights for senior leaders
  • Build, mentor, and develop application security engineers and subject matter experts
  • Continuously improve tooling, automation, and processes to scale AppSec capabilities efficiently

Requirements:

  • 10 plus years of cybersecurity experience with a strong focus on application security
  • 5 plus years of people or program leadership experience operating an application security program in an enterprise environment
  • Deep understanding of application security risks, including OWASP Top 10 and API security threats
  • Hands-on experience with modern SDLC, CI/CD, and DevSecOps practices
  • Experience implementing and managing application security testing tools and processes
  • Ability to assess application architecture, design patterns, and authentication and authorization models
  • Strong experience partnering with engineering teams to drive secure-by-design outcomes
  • Excellent written and verbal communication skills, including executive-level reporting
  • Proven ability to influence engineering, product, risk, and compliance stakeholders
  • Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or a related field

Nice to have:

  • Experience in highly regulated industries such as financial services or healthcare
  • Familiarity with cloud-native and microservices-based architectures
  • Experience with API security platforms and runtime visibility tools
  • Background in penetration testing or threat modeling
  • Experience defining application security metrics, KPIs, and maturity models
  • Preferred certifications include CISSP, CISM, CISA, GPEN, or equivalent

What we offer:

  • comprehensive medical, dental, and vision coverage
  • retirement benefits
  • maternity and paternity leave
  • flexible work arrangements
  • education reimbursement
  • wellness programs

Additional Information:

Job Posted:
May 05, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Manager Application Security

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Location:
United States, Las Vegas
Salary:
Not provided
Beacon Technologies
Expiration Date:
Until further notice
Requirements
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker
  • exceptional skills in security systems solutions
Job Responsibility
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever application security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer
  • Career advancement opportunities
  • extensive training
  • excellent benefits including paying for health and dental premiums for salaried employees.
  • Fulltime

Director of Application Security

Hewlett Packard Enterprise is seeking a Director of Application Security to defi...
Location:
United States
Salary:
164500.00 - 398500.00 USD / Year
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements
  • 10+ years of experience in cybersecurity, with at least 5+ years leading an application security function
  • demonstrated experience working at an enterprise-level organization with large-scale systems, processes, or operations
  • proven success in building and scaling application security programs in large, complex technology environments
  • deep understanding of secure software development practices, DevSecOps, and CI/CD tooling
  • threat modeling, code analysis, and vulnerability management
  • OWASP Top 10, SANS Top 25, and modern application security risks
  • experience with risk management frameworks (NIST CSF, ISO 27001, etc.) and regulatory requirements (SOX, GDPR, HIPAA, etc.)
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
  • CISSP, CSSLP, or other relevant security certifications preferred.
Job Responsibility
  • define and execute the enterprise application security strategy aligned with business objectives and regulatory requirements
  • build, mentor, and grow a high-performing Application Security team
  • act as a trusted security advisor to engineering and product executives
  • develop and mature programs for secure software development
  • establish policies, standards, and patterns to deliver secure products at scale
  • partner with engineering, DevOps, and cloud teams to embed security tooling into CI/CD pipelines
  • lead developer outreach efforts
  • engage with product management to incorporate security requirements into roadmaps
  • drive the integration of an application security risk register
  • measure and report on the maturity and effectiveness of the AppSec program using KPIs and KRIs
What we offer
  • comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • investment in personal and professional development
  • programs catered to career growth
  • unconditional inclusion
  • flexibility to manage work and personal needs.
  • Fulltime

Application Security Engineer

In the HPE Hybrid Cloud, we lead the innovation agenda and technology roadmap fo...
Location:
India, Hyderabad
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 5+ years of experience in application security, including hands-on experience with security testing tools and techniques
  • Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities and secure coding practices
  • Experience with security testing tools such as Burp Suite, OWASP ZAP, and code analysis tools like SonarQube or Checkmarx, Snyk
  • Proficiency in at least one programming language (e.g., Java, Python, JavaScript) and ability to review and understand code
  • Familiarity with software development methodologies (e.g., Agile, DevOps) and their impact on security practices
  • Excellent analytical and problem-solving skills, with attention to detail
  • Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams
  • Certifications such as CISSP, CEH, or CASE (Java), or equivalent
  • Demonstrated ability to work independently and prioritize tasks in a fast-paced environment
Job Responsibility
  • Conduct thorough security assessments of applications, identifying vulnerabilities and weaknesses in code, architecture, and configurations
  • Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC) and ensure secure coding standards are followed
  • Perform regular security testing, including static code analysis, dynamic application scanning, and penetration testing, to identify and mitigate security risks
  • Analyze security incidents and provide timely response and remediation actions to mitigate potential threats
  • Develop and maintain security documentation, including security requirements, design documents, and security testing reports
  • Assist in the design and implementation of security controls and mechanisms to protect sensitive data and critical systems
  • Stay up-to-date with emerging security threats and industry best practices, and recommend security enhancements and controls accordingly
  • Provide security guidance and support to cross-functional teams, including developers, architects, and project managers
  • Participate in security reviews and audits, ensuring compliance with security policies, standards, and regulatory requirements
  • Collaborate with third-party vendors and partners to assess the security posture of integrated systems and applications
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime

Senior Application Security Engineer

This role involves embedding security into software delivery pipelines, designin...
Location:
India, Bangalore
Salary:
Not provided
Hewlett Packard Enterprise
Expiration Date:
Until further notice
Requirements
  • 5–8+ years of experience in Application Security, Product Security, or Secure Software Development
  • hands-on experience securing software delivery pipelines (CI/CD) and source code repositories (GitHub, GitLab, Jenkins)
  • knowledge of supply chain security frameworks and controls (e.g., SLSA, NIST SSDF)
  • familiarity with secrets management, artifact signing (Sigstore, Cosign), and build integrity practices
  • hands-on experience with WAF tuning, API security controls, and vulnerability remediation
  • proficiency with one or more programming languages (Python, Java, Go, JavaScript/Node.js)
  • experience with SAST, DAST, SCA, and container image scanning tools
  • cloud security experience with AWS, Azure, or GCP
  • deep understanding of OWASP Top 10 (Web + API), CWE, and secure coding practices
Job Responsibility
  • secure SDLC & DevSecOps integration
  • design and implement security controls for build and release pipelines (GitHub Actions, Jenkins, GitLab, Azure DevOps)
  • ensure code integrity via signing, artifact scanning, and build provenance
  • automate SAST, DAST, SCA, and container image scanning as part of the software delivery pipeline
  • identify and remediate misconfigurations in pipeline environments and access control
  • design, implement, and monitor WAF rules and API protections
  • perform API risk assessments
  • champion secure design patterns
  • conduct secure code reviews and support automation of testing pipelines
  • triage, prioritize, and track security issues identified in code, pipelines, and deployed environments
What we offer
  • comprehensive suite of benefits that supports physical, financial and emotional wellbeing
  • programs catered to helping you reach career goals
  • inclusive work environment
  • Fulltime

Senior Product Security Manager

As a Senior Product Security Manager, you will play a key role in driving and ma...
Location:
Australia
Salary:
Not provided
Atlassian
Expiration Date:
Until further notice
Requirements
  • 3+ years working in security or related role
  • 2+ years managing a team
  • Experience with application security, especially web application security
  • Experience in cloud security architecture and infrastructure
  • Experience in data protection and privacy
  • Experience coding in Java, Python, or Go, and at least one scripting language
  • Experience reasoning about security decisions
  • Experience leading projects from start to finish and mentoring other security practitioners
  • Experience collaborating with engineers
  • Bachelor's or Master’s degree in Information Security, Computer Science, or a related field
Job Responsibility
  • Product Security Leadership: Collaborate to execute and drive aspects of the Product Security Strategy, ensuring alignment with global objectives and smooth integration into the product development lifecycle
  • Team Management: Lead and mentor a team of technical professionals, fostering a culture of security and collaboration
  • Security Oversight: Implement and enforce security standards, policies, and procedures for product development, collaborating on risk assessments and mitigation strategies
  • Collaboration and Communication: Foster a security-focused culture within the product development process, communicating updates, risks, and strategies to executive leadership and stakeholders
  • Leadership Development: Mentor and develop security practitioners, contributing to large-scale security projects and ensuring successful implementation
What we offer
  • Health and wellbeing resources
  • Paid volunteer days

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location:
Australia, Sydney
Salary:
Not provided
Culture Amp
Expiration Date:
Until further notice
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
  • Fulltime

Application Manager

The Application Manager is responsible for taking ownership of SaaS application ...
Location:
Hungary, Budapest
Salary:
Not provided
Citi
Expiration Date:
Until further notice
Requirements
  • 3-5 years of relevant experience
  • Experience in managing and implementing successful projects
  • Solid grasp of industry vulnerability ratings and classifications
  • Ability to take ownership and make technical decisions on a wide range of compliance and functional requirements
  • Skill in managing unexpected and urgent matters in a rapidly evolving environment
  • Experience with dependency management, change management, and audit/compliance requirements
  • Outstanding aptitude in task and deadline management
  • Demonstrated leadership skills, especially in circumstances when ‘leading without authority’ is required
  • Consistently demonstrates clear and concise written and verbal communication in English
  • Microsoft365 proficiency
Job Responsibility
  • Working with a team of Applications Development professionals to accomplish established goals and conduct personnel duties for team (e.g. performance evaluations, training and development, hiring and disciplinary actions) as well as act as an advisor or coach to mid-level developers and analysts
  • Leverage skills across multiple teams ensuring compliance with all Citi policies
  • Develop a sound familiarity with multiple information security domains and how they are implemented at Citi
  • Drive a wide range of tasks from scheduling vulnerability assessments and working with external parties to have all findings remediated, coordinating continuity of business testing, maintaining identity and access management best practices, and ensuring that AI/ML risk remains within Citi’s risk appetite
  • Utilize in-depth specialty knowledge of applications development to analyze complex problems/issues, provide evaluation of business processes, system processes, and industry standards, and make evaluative judgement
  • Contribute to planning, formulation of procedures, and process development, negotiating with external parties when necessary
  • Prioritize vulnerability remediation for internally hosted assets
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
What we offer
  • Global Benefits
  • We bring the best to our people. We put our employees first and provide the best-in-class benefits they need to be well, live well and save well.
  • Fulltime

Security Manager

At Sopra Steria, the Security Manager will lead large projects focused on inform...
Location:
Belgium, Brussels
Salary:
Not provided
Sopra Steria
Expiration Date:
Until further notice
Requirements
  • Minimum 10 years of IT professional experience, of which 5 years of experience in IT Security and project management
  • Proven experience in project management
  • Strong technical background and experience in IT security implementations and security governance, risk and compliance
  • Strong understanding of security stakeholders' jobs such as infrastructure and network management, application development, IT architecture, project management
  • CISA, CISSP, Prince2, PMBOK certifications or equivalent are an asset
  • Team spirit and good communication skills
  • Ability to work in a multi-cultural environment, open-minded and polyvalent
  • Education: Bachelor’s or Master’s degree in computer science
  • Languages: Fluency in English, French and/or Dutch is a plus
Job Responsibility
  • Lead teams of security consultants, architects and engineers
  • Manage the customer relationship in terms of service delivery, detection and generation of needs, and proposal of added-value solutions
  • Take part in the strategic planning for all IT Security activities
  • Propose security architectures (analysis of needs, recommendations and writing of technical offers)
What we offer
  • Extensive career development opportunities, both local and international
  • Dynamic network of 56,000 professionals
  • Part of a major Tech player in Europe recognised for consulting, digital services, and software development
  • Fulltime