Manager Application Security

Manager, Application Security

Hybrid work arrangement required with 4 days on site and 1 remote in one of the following organizational hubs: Johnston, RI - Westwood OR Boston, MA - Iselin, NJ - Manchester, NH

The Manager, Application Security is responsible for leading, scaling, and maturing enterprise application security capabilities across a complex technology environment. This role owns the application security program end to end, ensuring secure software development practices are embedded into the SDLC while balancing regulatory, risk, and business requirements. As part of the cybersecurity organization, this role partners closely with engineering, platform, cloud, DevOps, and risk teams to drive measurable risk reduction without slowing delivery.

Key Responsibilities:

• Lead the enterprise application security program across web, API, and mobile platforms
• Define and execute the application security vision, strategy, and roadmap aligned to business and risk objectives
• Establish and enforce application security standards, secure coding practices, and control requirements
• Partner with engineering leadership to embed security into architecture, design, and delivery decisions
• Oversee integration of application security testing tools, including SAST, DAST, and SCA, into CI CD pipelines
• Lead application security assessments and risk based remediation planning
• Provide threat informed guidance to engineering teams on high risk vulnerabilities and design patterns
• Collaborate with vulnerability management, cloud security, and infrastructure teams to drive cohesive risk reduction
• Establish governance, metrics, and reporting to measure application security maturity and effectiveness
• Represent application security in audit, regulatory, and risk management engagements
• Translate technical security risks into clear, business relevant insights for senior leaders
• Build, mentor, and develop application security engineers and subject matter experts
• Continuously improve tooling, automation, and processes to scale AppSec capabilities efficiently

Required Experience and Skills:

• 10 plus years of cybersecurity experience with a strong focus on application security
• 5 plus years of people or program leadership experience operating an application security program in an enterprise environment
• Deep understanding of application security risks, including OWASP Top 10 and API security threats
• Hands on experience with modern SDLC, CI CD, and DevSecOps practices
• Experience implementing and managing application security testing tools and processes
• Ability to assess application architecture, design patterns, and authentication and authorization models
• Strong experience partnering with engineering teams to drive secure by design outcomes
• Excellent written and verbal communication skills, including executive level reporting
• Proven ability to influence engineering, product, risk, and compliance stakeholders

Preferred Experience:

• Experience in highly regulated industries such as financial services or healthcare
• Familiarity with cloud native and microservices based architectures
• Experience with API security platforms and runtime visibility tools
• Background in penetration testing or threat modeling
• Experience defining application security metrics, KPIs, and maturity models

Education and Certifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related field
• Preferred certifications include CISSP, CISM, CISA, GPEN, or equivalent

Pay Transparency:

The salary range for this position is from $133,000 to $190,000 per year, plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to work location, relevant skills, and experience.

We offer competitive pay, comprehensive medical, dental, and vision coverage, retirement benefits, maternity and paternity leave, flexible work arrangements, education reimbursement, wellness programs, and more. Citizens' paid time off policy exceeds the mandatory paid sick or paid time away policies of local and state jurisdictions in the United States. For an overview of our benefits, visit our Careers site.