Application Security Manager

About Remote

Remote is solving global remote organizations’ biggest challenge: employing anyone anywhere compliantly. We make it possible for businesses big and small to employ a global team by handling global payroll, benefits, taxes, and compliance. Check out remote.com/how-it-works to learn more or if you’re interested in adding to the mission, scroll down to apply now.

Please take a look at remote.com/handbook to learn more about our culture and what it is like to work here. Not only do we encourage folks from all ethnic groups, genders, sexuality, age and abilities to apply, but we prioritize a sense of belonging. You can check out independent reviews by other candidates on Glassdoor or look up the results of our candidate surveys to see how others feel about working and interviewing here.

All of our positions are fully remote. You do not have to relocate to join us!

What this job can offer you

• You'll be joining 250 engineers across Frontend, Backend, SRE and QA. We're organised into cross-functional development teams assigned to specific product areas. Regardless of the specific team you will be joining, you will be working on building features, tools, APIs and integrations for one of our products.
• Our backend is built with Elixir and Phoenix, with a Postgres database. We use React and Nextjs for our frontend. Gitlab is used as a version control tool and a CI/CD solution. Our applications are hosted on AWS. We fully rely on our CI for deployments and deploy multiple times per day.

What you bring

• Significant experience managing application security teams (preferably in SaaS environments)
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Strong analytical and managing skills
• Strong understanding of common application security vulnerabilities (e.g., OWASP Top 10) and secure coding practices.
• Experience with penetration testing tools and methodologies.
• Knowledge and experience in Security Incident management and/or SOC (including SIEM) are a plus
• Relevant certifications are a plus (such as CISSP, CISM, SANS GIAC, OSCP).
• Writes and speaks fluent English
• It's not required to have experience working remotely, but considered a plus

Key Responsibilities

• Lead and manage the application security program, closely align with the overall Security program.
• Support the application security team on their BAU, projects and individual growth (through guidance and mentorship).
• Oversight of the vulnerabilities management process, working closely with the Engineering teams and providing relevant metrics to the Security Director.
• Promote Secure Development Life Cycle on the Engineering team.
• Ensure proper security architecture within SRE, Development and Product teams.
• Integrate threat modeling practices into product and development.
• Support the improvement and maintenance of security tooling used in CI/CD pipeline.
• Coordinate and support penetration testing engagements, including scoping, planning, and reviewing findings.
• Depending on profile, additional responsibilities may also be assigned:
  • Support Incident management team
  • Support improvement on SIEM tools and processes

Practicals

• You'll report to: Security Director
• Direct reports: 2 appsec members
• Team: Security - Engineering
• Location: We can hire anywhere in the world, with candidates from EMEA being prioritized due to business needs
• Start date: As soon as possible

Remote Compensation Philosophy

Remote's Total Rewards philosophy is to ensure fair, unbiased compensation and fair equity pay along with competitive benefits in all locations in which we operate. We do not agree to or encourage cheap-labor practices and therefore we ensure to pay above in-location rates. We hope to inspire other companies to support global talent-hiring and bring local wealth to developing countries.

At first glance our salary bands seem quite wide - here is some context. At Remote we have international operations and a globally distributed workforce. We use geo ranges to consider geographic pay differentials as part of our global compensation strategy to remain competitive in various markets while we hiring globally.

The base salary range for this full-time position is $54,250 USD to $122,050 USD.Our salary ranges are determined by role, level and location, and our job titles may span more than one career level. The actual base pay for the successful candidate in this role is dependent upon many factors such as location, transferable or job-related skills, work experience, relevant training, business needs, and market demands. The base salary range may be subject to change.

Application process

1. Interview with recruiter
2. Interview with future manager
3. Interview with team members (no managers present)
4. Prior employment verification check

Benefits

• work from anywhere
• unlimited personal time off (minimum 4 weeks)
• quarterly company-wide day off for self care
• flexible working hours (we are async)
• 16 weeks paid parental leave
• mental health support services
• stock options
• learning budget
• home office budget & IT equipment
• budget for local in-person social events or co-working spaces

How you’ll plan your day (and life)

We work async at Remote which means you can plan your schedule around your life (and not around meetings). Read more at remote.com/async.

You will be empowered to take ownership and be proactive. When in doubt you will default to action instead of waiting. Your life-work balance is important and you will be encouraged to put yourself and your family first, and fit work around your needs.

If that sounds like something you want, apply now!

How to apply

1. Please fill out the form below and upload your CV with a PDF format.
2. We kindly ask you to submit your application and CV in English, as this is the standardised language we use here at Remote.
3. If you don’t have an up to date CV but you are still interested in talking to us, please feel free to add a copy of your LinkedIn profile instead.

We will ask you to voluntarily tell us your pronouns at interview stage, and you will have the option to answer our anonymous demographic questionnaire when you apply below. As an equal employment opportunity employer it’s important to us that our workforce reflects people of all backgrounds, identities, and experiences and this data will help us to stay accountable. We thank you for providing this data, if you chose to.