Senior Application Security Engineer
Canary Technologies$150,000 - $220,000/year
Full Time
Senior (5 to 8 years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
FinanceIndustries
Requirements
- Bachelor’s degree in Computer Science, Engineering, or related field
- 7+ years of professional experience in Security Management, Application Security, or ML Security
- Proven leadership experience in IT Security and governance
- Hands-on experience with SAST, DAST, SCA tools
- Familiarity with secure ML lifecycle practices (MLSecOps)
- Strong understanding of secure SDLC, application security testing, and supply chain security
- Experience with MLSecOps practices and securing AI/ML pipelines
- Familiarity with industry frameworks: OWASP SAMM, BSIMM, SLSA, NIST SSDF
- Experience with cloud platforms (AWS, Azure, GCP) and cloud-native security practices
- Ability to work independently and define strategic direction without supervision
- Excellent communication, leadership, and stakeholder management skills
- Certifications such as CISSP, CISM, CSSLP, or equivalent (preferred)
- Experience with one or more programming languages such as Python, Java, C#, C++, etc
Responsibilities
- Set high-level strategy and direction for secure software development and supply chain practices, while establishing clear expectations, goals, and success metrics
- Collaborate with cybersecurity experts, technology teams, suppliers, and business leaders to define and enforce controls that protect enterprise assets and critical systems
- Mentor and lead a global team of application security professionals to implement security tools for dynamic scanning, and to protect software supply chain, APIs, and AI/ML applications
- Collaborate with development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC)
- Implement and manage security tools within CI/CD pipelines to automate vulnerability detection and remediation
- Lead secure software supply chain initiatives including SBOM generation, artifact signing and provenance, and alignment with industry standards
- Craft and deploy application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices
- Define governance procedures and provide strategic recommendations on security policies for secure application and ML model development
- Partner with platform and product teams to triage and remediate threats and vulnerabilities across web, mobile, backend, and ML systems
- Create and maintain documentation for integrated security processes, controls, and incident response playbooks
- Develop and maintain a technical roadmap for security tooling and controls to stay ahead of evolving threats
- Translate technical security strategies into business-aligned objectives for product and executive leadership
- Establish a governance framework to benchmark program maturity and team performance
- Stay current on emerging threats, including adversarial ML risks, and lead knowledge-sharing sessions across the organization
Skills
Key technologies and capabilities for this role
Questions & Answers
Common questions about this position
What qualifications and experience are required for the Manager, Application Security role?
A Bachelor’s degree in Computer Science, Engineering, or related field is required, along with 7+ years of professional experience in Security Management, Application Security, or ML Security, proven leadership in IT Security and governance, and hands-on experience with SAST, DAST, SCA tools. Familiarity with secure ML lifecycle practices (MLSecOps) is also needed.
What are some of the desired skills for this position?
Desired skills include strong understanding of secure SDLC, application security testing, and supply chain security; experience with MLSecOps and securing AI/ML pipelines; familiarity with OWASP SAMM, BSIMM, SLSA, NIST SSDF; cloud platforms like AWS, Azure, GCP; and programming in Python, Java, C#, or C.
Is this a remote position, or is there a location requirement?
This information is not specified in the job description.
What is the salary or compensation for this role?
This information is not specified in the job description.
What leadership responsibilities does this role involve?
The role requires mentoring and leading a global team of application security professionals, setting high-level strategy, establishing goals and metrics, and providing strategic recommendations on security policies.
Vanguard
Client-owned investment management firm offering low-cost funds
About Vanguard
Vanguard provides financial services with a focus on investment management. The company offers a variety of products, including mutual funds, exchange-traded funds (ETFs), individual retirement accounts (IRAs), and 401k rollovers, aimed at individual investors, financial advisors, and institutions. Vanguard's unique ownership structure means it is owned by its funds, which are in turn owned by the clients, allowing it to prioritize the needs of its investors over external shareholders. This model enables Vanguard to offer low-cost investment options, as it primarily earns revenue through management fees that are generally lower than industry standards. Additionally, Vanguard provides personalized investment advisory services, charging fees based on the assets managed. The company's goal is to help clients grow their wealth and achieve their financial objectives through effective investment strategies, while maintaining a competitive performance track record.
Kline Township, PennsylvaniaHeadquarters
1975Year Founded
SECONDARYCompany Stage
Fintech, Financial ServicesIndustries
10,001+Employees
Benefits
Best-in-class medical, dental & vision coverage
Onsite health clinic & fitness center
Health Smart Rewards program
Vanguard Retirement Savings Plan
Education Benefits
PTO
Family Planning Benefist
Parental leave
Personal development opportunities
Volunteer Time Off
Risks
Competition from AI-driven platforms like Writer challenges Vanguard's traditional advisory services.
Vanguard's stake in Steelcase exposes it to the volatile furniture market.
New active bond ETFs may struggle in a low-yield environment with increasing competition.
Differentiation
Vanguard is client-owned, aligning its interests with investors, unlike traditional firms.
The firm offers low-cost investment products, making it attractive to cost-conscious investors.
Vanguard's ownership structure allows it to focus on long-term investor value.
Upsides
Vanguard's new active bond ETFs offer diversified, low-cost fixed income options.
The acquisition of Steelcase shares diversifies Vanguard's portfolio into the furniture industry.
Launching the International Dividend Growth Fund appeals to investors seeking sustainable dividend growth.
Related Jobs
RemoteRemoteSenior Application Security Engineer
M&T BankSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteSecurity Architect
EarnestSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSr Manager, Threat Intelligence
UltraViolet CyberSalary not specified
RemoteDirector, Content Strategy
AffiniPaySalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteDistribution Channel Manager
Huntress$210,000 - $225,000/year
- Full Time
- Senior (5 to 8 years)
RemoteSenior Risk Analyst - Enterprise Risk Management
DeelSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteDirector, Security Operations Center (SOC)
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)