Application Security Manager

About the Role: Liminal is seeking an experienced and technically strong Application Security Manager to lead and mature our application security program. The ideal candidate will have 710 years of relevant experience, a deep understanding of secure software development, and the ability to work independently while collaborating with cross-functional teams. You will be responsible for integrating security into the software development lifecycle, managing application security initiatives, and enabling secure innovation across the organization.
Responsibilities
Program Leadership:

• Lead and manage the application security program, aligning with the overall security strategy and business objectives.
  

Secure SDLC Integration

• Integrate security tools, standards, and processes into the product lifecycle (SDLC, CI/CD), ensuring security is embedded from design through deployment.
  

Security Assessments & Testing

• Oversee and conduct application security assessments, including static and dynamic analysis, manual and automated penetration testing, and code reviews.
  

Vulnerability Management

• Manage the process for identifying, prioritizing, and remediating application vulnerabilities in collaboration with engineering and product teams.
  

Threat Modeling & Risk Analysis

• Lead threat modeling and risk analysis activities for new and existing applications, ensuring security requirements are defined and addressed early in the development process.
  

Policy & Standards Development

• Develop, maintain, and improve secure development standards, policies, and guidelines; ensure compliance with regulatory and industry standards (e.g., PCI, SOX, ISO27001).
  

Incident Response Support

• Provide application security expertise during incident response and architecture review processes as needed.
  

Training & Awareness

• Train and mentor developers, QA, and other stakeholders on secure coding practices, secure design, and emerging threats.
  

Metrics & Reporting

• Produce and communicate metrics and reports on the state of application security, including program effectiveness and development team performance against security requirements.
  

Vendor & Third-Party Security

• Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  Support vendor security reviews to ensure third-party software and services meet organizational security standards.
  

Desired Candidate Profile

• 710 years of experience in application security, software development, or related roles, with a strong track record managing or leading application security programs.
• Deep understanding of common application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and application security testing methodologies.
• Hands-on experience with security tools such as SAST, DAST, IAST, SCA, and penetration testing frameworks.
• Proficiency in at least one major programming language (e.g., Java, C/C++, JavaScript) and familiarity with modern development and testing tools (e.g., Git, JIRA, Maven).
• Experience integrating security into agile and waterfall development processes.
• Strong leadership, communication, and stakeholder management skills, with the ability to influence and educate both technical and non-technical audiences.
• Experience with regulatory and industry standards (PCI, SOX, ISO27001, etc.).
• Ability to translate security and risk concepts into actionable requirements for diverse audiences.
  

Preferred Qualifications

• Relevant certifications (e.g., CISSP, CISM, OSCP, CSSLP, SANS GIAC)
• Experience managing budgets and multi-year roadmaps for security initiatives
• Background in highly regulated industries (e.g., financial services) is a plus.
• Experience with cloud-native application security and DevSecOps practices.