What are the responsibilities and job description for the Lead Application Security Engineer position at iO Associates?
Application Security Lead - Investment Management Sector
A global investment management firm is creating a new DevSecOps function and is seeking an experienced professional to design and lead it. This is a greenfield role with full ownership of frameworks, tooling, and automation that will define how a large developer ecosystem delivers secure code.
Key Responsibilities
* Design and implement a DevSecOps framework across CI/CD pipelines
* Automate security controls, compliance checks, and testing within development workflows
* Integrate and manage security testing tools including SAST, DAST, SCA, and OSS
* Define and track KRIs to measure security posture and drive continuous improvement
* Champion secure development practices and provide training to engineering teams
* Collaborate with developers, DevOps, and senior leadership to drive adoption
Requirements
* 7-10 years in software development, security engineering, or DevOps with strong DevSecOps focus
* Proven experience building or scaling a DevSecOps program
* Expertise in CI/CD (GitHub, GitLab, Jenkins, Azure DevOps) and containers (Docker, Kubernetes)
* Cloud security knowledge across AWS, Azure, or GCP
* Infrastructure-as-code experience (Terraform, CloudFormation) and scripting proficiency (Python, Bash)
* Familiarity with security frameworks and standards (NIST CSF, ISO 27001, SOC 2)
* Strong communication and stakeholder management skills
Compensation
Base salary $220,000-$260,000 plus discretionary bonus and comprehensive benefits.
If you want the opportunity to build and own a DevSecOps program that will operate at global scale, this role offers the autonomy and impact to define what good looks like.