About the Role: Liminal is seeking an experienced and technically strong Application Security Manager to lead and mature our application security program. The ideal candidate will have 7–10 years of relevant experience, a deep understanding of secure software development, and the ability to work independently while collaborating with cross-functional teams. You will be responsible for integrating security into the software development lifecycle, managing application security initiatives, and enabling secure innovation across the organization.
Responsibilities:
Program Leadership:
- Lead and manage the application security program, aligning with the overall security strategy and business objectives.
Secure SDLC Integration:
- Integrate security tools, standards, and processes into the product lifecycle (SDLC, CI/CD), ensuring security is embedded from design through deployment.
Security Assessments & Testing:
- Oversee and conduct application security assessments, including static and dynamic analysis, manual and automated penetration testing, and code reviews.
Vulnerability Management:
- Manage the process for identifying, prioritizing, and remediating application vulnerabilities in collaboration with engineering and product teams.
Threat Modeling & Risk Analysis:
- Lead threat modeling and risk analysis activities for new and existing applications, ensuring security requirements are defined and addressed early in the development process.
Policy & Standards Development:
- Develop, maintain, and improve secure development standards, policies, and guidelines; ensure compliance with regulatory and industry standards (e.g., PCI, SOX, ISO27001).
Incident Response Support:
- Provide application security expertise during incident response and architecture review processes as needed.
Training & Awareness:
- Train and mentor developers, QA, and other stakeholders on secure coding practices, secure design, and emerging threats.
Metrics & Reporting:
- Produce and communicate metrics and reports on the state of application security, including program effectiveness and development team performance against security requirements.
Vendor & Third-Party Security:
- Support vendor security reviews to ensure third-party software and services meet organizational security standards.
Desired Candidate Profile:
- 7–10 years of experience in application security, software development, or related roles, with a strong track record managing or leading application security programs.
- Deep understanding of common application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and application security testing methodologies.
- Hands-on experience with security tools such as SAST, DAST, IAST, SCA, and penetration testing frameworks.
- Proficiency in at least one major programming language (e.g., Java, C/C++, JavaScript) and familiarity with modern development and testing tools (e.g., Git, JIRA, Maven).
- Experience integrating security into agile and waterfall development processes.
- Strong leadership, communication, and stakeholder management skills, with the ability to influence and educate both technical and non-technical audiences.
- Experience with regulatory and industry standards (PCI, SOX, ISO27001, etc.).
- Ability to translate security and risk concepts into actionable requirements for diverse audiences.
Preferred Qualifications:
- Relevant certifications (e.g., CISSP, CISM, OSCP, CSSLP, SANS GIAC).
- Experience managing budgets and multi-year roadmaps for security initiatives.
- Background in highly regulated industries (e.g., financial services) is a plus.
- Experience with cloud-native application security and DevSecOps practices.