Manager, Application Security

Job Description: • Lead and Mentor a High-Performing Team: Hire, develop, and retain top engineering talent. Foster a culture of technical excellence and ownership while providing coaching, career guidance, and performance management for your direct reports. • Champion "Shift-Left" Security: Partner with development teams to embed security into the CI/CD process. Advocate for and operationalize automated security tooling (SAST, DAST, SCA) to provide developers with fast, actionable feedback. • Manage External Security Assessments: Oversee the strategy and operations for both the Responsible Disclosure program and third-party penetration testing. You will handle scoping, vendor management, triage, and the facilitation of remediation with internal engineering teams. • Advise on Customer-Facing Security Features: Collaborate with Product and Engineering teams to provide technical feedback and security requirements for customer-facing features (e.g., encryption controls, audit logging, identity management). You will ensure we are building product capabilities that solve security challenges for our customers. • Execute the Security Roadmap: Collaborate with leadership to implement the strategy for security infrastructure and automation. Ensure your team’s work aligns with business objectives and effectively reduces risk. • Drive Security Automation: Prioritize the engineering of automated solutions for threat detection and vulnerability management. Ensure your team builds tools that allow us to respond to threats at machine speed. • Enable Incident Response & Compliance: Oversee the team's participation in incident response activities and ensure technical controls support continuous compliance with frameworks such as FedRAMP, SOC 2, and ISO 27001. Requirements: • 7+ years of progressive experience in technology, with at least 1-2 years in a management or team lead role for a technical team (AppSec, DevSecOps, or Site Reliability Engineering). • Technical Background: A BS/MS in Computer Science or equivalent experience, with a strong background in scripting/programming (Python, Go, or Java) and agile development. • AppSec & Cloud Expertise: Experience with modern application security toolchains (SAST, DAST), vulnerability management, and cloud environments (preferably AWS). • Framework Knowledge: Familiarity with application security requirements for regulated markets (e.g., FedRAMP, HIPAA, SOC2). • Collaboration Skills: Proven ability to build partnerships between engineering/development and security teams, influencing them to adopt best practices. • Communication Skills: Demonstrates the ability to communicate clearly and effectively, both in writing and verbally, with technical and non-technical stakeholders. • Planning and Execution: Ability to translate strategy into actionable plans, manage timelines, and ensure reliable execution. • Decision-Making and Judgment: Ability to make timely, well-reasoned decisions with incomplete information, balancing security risk, business impact, and delivery timelines. Benefits: • HSA, 100% employer-paid premiums, or Buy-up medical/vision and dental coverage options for full-time employees • 401k Match to help you save for your future (50% of your contribution up to the first 6% of your eligible pay) • Monthly stipend to support your work and productivity • Flexible Time Away Program, plus Sick Time Off • US employees are automatically covered under Smartsheet-sponsored life insurance, short-term, and long-term disability plans • US employees receive 12 paid holidays per year • Up to 24 weeks of Parental Leave • Personal paid Volunteer Day to support our community • Opportunities for professional growth and development including access to Udemy online courses • Company Funded Perks, including a counseling membership, local retail discounts, and your own personal Smartsheet account • Teleworking options from any registered location in the U.S. (role specific) Apply tot his job