Skills Required:
Secure SDLC & DevSecOps, Cloud & Platform Security, Application Security Testing, Team Leadership & Mentorship, Stakeholder Management, Program Management, Securing GenAI usage
Education/Qualification:
Bachelor's or Master's
Desirable Skills:
Security Management, Reporting, Risk Management, Cost Management
Years Of Exp:
12 to 15 Years
About the Role:
The Senior Manager will work on Application Security, Infrastructure and Cloud, Product, and GenAI security.
About the team:
An Information Security (InfoSec) team plays a crucial role in protecting an organization's data, systems, and networks.
You are responsible for:
Strategy:
Drive the product security strategy aligned with business and technology goals.
Application Security & DevSecOps:
Lead and scale the AppSec program, including threat modeling, secure code review, SAST, DAST, and dependency scanning.
Integrate security tooling into CI/CD pipelines and promote a DevSecOps culture.
Build frameworks and reusable security libraries to accelerate secure product development.
Vulnerability Management & Offensive Security:
Oversee proactive security testing through red teaming, penetration testing, and bug bounty programs.
Partner with engineering teams for timely remediation of vulnerabilities and drive security metrics.
Conduct regular attack surface reviews and ensure critical security controls are in place.
Leadership & Stakeholder Engagement:
Mentor and lead a team of security engineers and analysts focused on product security.
Influence product managers, architects, and engineering leaders through clear communication and data-backed recommendations.
Represent product security in architectural reviews, incident response, and postmortems.
To succeed in this role – you should have the following:
12–15 years of experience in Information Security with a deep focus on Product/AppSec; minimum 5 years in a security leadership role.
Strong technical knowledge of web application security, mobile security (iOS/Android), API security, and cloud-native application security (AWS/GCP).
Proficient in secure coding practices across languages like Java, Python, Node.js, or Go.
Experience with tools such as Burp Suite, OWASP ZAP, SonarQube, Checkmarx, Snyk, Veracode, etc.
Excellent communication skills and ability to influence cross-functional stakeholders.
Any Graduate