Sr. Manager, Application Security

PayNearMe

Job Location:

Santa Clara County, CA - USA

Monthly Salary: Not Disclosed
Posted on: 2 hours ago
Vacancies: 1 Vacancy

Job Summary

We are seeking a Sr. Manager, Application Security to lead and mature our Application Security program across a complex environment consisting of both a Ruby-based monolith and distributed Go microservices. This leader will be responsible for building, scaling, and operationalizing secure development practices that integrate seamlessly into our CI/CD pipelines and Agile delivery model.

This role will oversee application security reviews, threat modeling, secure code practices, and optimization of SAST/SCA tooling to ensure meaningful, actionable insights for Engineering leadership. The ideal candidate combines strong technical depth with strategic leadership and the ability to drive security outcomes in a fast-moving fintech environment.

Responsibilities:

  • Lead the Application Security team, including hiring, mentoring, and performance management.
  • Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
  • Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
  • Oversee security design reviews and code security reviews across:
    • Go-based microservices
    • Ruby-based monolith applications
  • Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
  • Own and continuously improve the organization's threat modeling framework and ensure it's embedded in new feature development and architectural changes.
  • Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
  • Drive meaningful reporting dashboards for Development and Engineering leadership.
  • Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
  • Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.
     

Qualifications:

  • 8 years of experience in Application Security or Secure Software Engineering.
  • 3 years leading or managing technical security teams.
  • Strong hands-on experience with:
    • Ruby (Rails) application security
    • Go (Golang) application security
  • Deep knowledge of:
    • Secure SDLC practices
    • Threat modeling methodologies (e.g., STRIDE, attack trees)
    • SAST and SCA tools and rule tuning
    • OWASP Top 10 and API Security Top 10
  • Experience integrating security tools into CI/CD pipelines.
  • Familiarity with cloud-native application security in AWS environments.
  • Strong understanding of microservices security patterns (service-to-service auth, token handling, API gateways, etc.).
  • Strong communicator capable of influencing senior engineering leaders.

Additional Qualifications that are a plus:

  • Experience in fintech, payments, or other regulated environments.
  • Knowledge of PCI DSS and SOC 2 security expectations.
  • Experience with container security and Kubernetes-based deployments.
  • Experience building security metrics and executive-level reporting.
  • Passionate about mentoring engineers and raising secure coding maturity.

Additional Information:

Why Join Us:

  • Competitive salary and benefits with growth-company options grant
  • Fast-paced and professional work culture
  • Stock options with standard startup vesting - 1 year cliff; 4 years total
  • $50 monthly communication expense stipend to go towards your phone/internet bill
  • $250 stipend to enhance your WFH setup
  • Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
  • Premium medical benefits including vision and dental (100% coverage for employees)
  • Company-sponsored life and disability insurance
  • Paid parental bonding leave
  • Paid sick leave, jury duty, bereavement
  • 401k plan
  • Flexible Time Off (our team members typically take off 3-4 weeks per year)
  • Volunteer Time Off
  • 13 scheduled holidays

Salary Range: $200,000 - $230,000

PayNearMe strives to create a workplace where all employees thrive. Our core values represent who we are today, and we take pride in the way we work with each other as well as with our stakeholders.

We're in this together to do the right thing. We deliver real results we are proud of while remaining respectful, transparent, and flexible.

PayNearMe is an equal opportunity employer. We are diligently and thoughtfully working towards cultivating a diverse workforce which in turn enhances our products and services for the communities we serve. Applicants who represent all backgrounds are strongly encouraged to apply.

CALIFORNIA CONSUMER PRIVACY ACT: APPLICANT NOTICE

Effective Date: January 1, 2020

Last Reviewed on: December 23, 2019

PayNearMe Inc. (the "Company") is providing you with this Notice ("Notice") to inform you about:

  1. the categories of Personal Information that the Company collects and maintains about applicants; and
  2. the purposes for which the Company uses that Personal Information.

For purposes of this Notice, "Personal Information" means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person that the Company may collect in connection with screening applicants for job openings at the Company.

  1. Identifiers and Professional or Employment-Related Information. The Company collects identifiers and professional or employment-related information, which may include some or all the following: real name, nickname or alias, postal address, telephone number, e-mail address, membership in professional organizations, professional certifications, language skills, and current and past employment history. The Company collects this Personal Information to evaluate previous job performance and consider applicants for positions, to develop a talent pool and plan for succession, to conduct applicant surveys, to maintain an internal applicant directory and for purposes of identification, to promote the Company as a place to work, and for workforce reporting and data analytics/trend analysis.
  2. Personal Information Categories from Cal. Civ. Code 1798.80(e). The Company may collect categories of Personal Information listed in Cal. Civ. Code 1798.80(e), other than those already listed above, (a) to the extent necessary to comply with the Company's legal obligations, such as to accommodate disabilities; (b) to conduct a direct threat analysis in accordance with the Americans with Disabilities Act and state law; (c) for occupational health and safety compliance and record-keeping; and (d) to respond to an applicant's medical emergency.
  3. Characteristics of Protected Classifications Under California or Federal Law. The Company may collect information about race, age, national origin, disability, sex, and veteran status as necessary to comply with legal obligations, including the reporting requirements of the federal Equal Employment Opportunity Act, the federal Office of Contracting Compliance Programs (applicable to government contractors), and California's Fair Employment and Housing Act. The Company collects this Personal Information for purposes including: to comply with Federal and California law related to accommodation. The Company also collects this category of Personal Information on a purely voluntary basis, except where required by law, and uses the information only in compliance with applicable laws and regulations.
  4. Education Information. The Company collects education information such as resumes and graduation records. The Company collects this Personal Information to determine suitability for roles, to determine eligibility for training courses, and to assist with professional licensing.
  5. Profile Data. The Company may collect profile data, including the following: psychological assessments, behavior analyses, or other profiling of its applicants. The Company collects this Personal Information to determine aptitude for certain positions and job assignments as well.
  6. Background Screening. In the event that an applicant is given a formal job offer, the Company collects background screening information prior to hiring, including results of the following types of background screening: criminal history; sex offender registration; motor vehicle records; credit history; employment history; drug testing; and educational history. The Company collects this Personal Information to screen for risks to the Company and its clients and continued suitability for their jobs and to evaluate applicants for promotions.

Assistance for Disabled Applicants

Alternative formats of this Notice are available to individuals with a disability. Please let us know if you need assistance.

All your information will be kept confidential according to EEO guidelines.


Remote Work:

Yes


Employment Type:

Full-time

Key Skills

  • IT Experience
  • Project Management Methodology
  • Technical Project Management
  • Data Collection
  • Image Processing
  • Waterfall
  • ITIL
  • Project Management
  • Microsoft Project
  • Health Information Management
  • Epic
  • SDLC

About Company

PayNearMe develops technology to facilitate the end-to-end customer payment experience, making it easy for businesses to accept, disburse and manage payments. Our modern and reliable platform lowers the total cost of payments by increasing acceptance rates, driving self-service and si ...
