[Remote] Senior Manager – Application Security
Note: This is a remote job open to candidates in the USA. Miro is a visual workspace for innovation that enables distributed teams to build the next big thing. The Senior Manager of Application Security will lead a global team focused on embedding security into the software development lifecycle, ensuring secure development practices while fostering collaboration across product and engineering teams.
Responsibilities
- Lead and mentor a globally distributed team of security engineers focused on application security, offensive testing, secure architecture, and vulnerability remediation
- Lead and coordinate the team's initiatives and help provide project management leadership to the team members
- Coordinate cross-functional and cross-stream initiatives and projects
- Drive integration of security into Miro’s Discover, Define, Deliver lifecycle through the lens of the AMPED Ways of Working and Operating Model
- Collaborate with Product, Engineering, and Design to ensure security is considered at the earliest stages of ideation—via threat modeling, risk reviews, and abuse-case analysis
- Shape and evolve Miro’s Secure SDLC practices, integrating security seamlessly into CI/CD pipelines, infrastructure-as-code, and developer tooling
- Oversee execution of bug bounty and third-party testing programs, ensuring vulnerabilities are triaged, communicated, and remediated effectively
- Build and scale Miro’s Security Champions program to embed security ownership within each engineering team
- Guide secure adoption of AI-augmented software development tools, including LLMs used for code generation, reviews, or architectural assistance
- Help envision and safely operationalize Agentic AI-driven developer and security workflows, including policy-driven autonomous agents supporting security automation and decision-making
- Provide structured guidance, patterns, and reference architectures that support developers in implementing secure, scalable, and privacy-respecting features
- Define and report on KPIs and success metrics for secure development adoption, vulnerability resolution, and developer engagement
- Collaborate with Privacy, Legal, and Compliance teams to ensure alignment with regulatory requirements (ISO 27001, SOC 2, GDPR, and emerging AI regulations)
- Foster a strong team culture based on collaboration, learning, and continuous improvement
Skills
- 10+ years of experience in software, application, or product security, including significant experience in secure software development
- 3+ years of technical leadership or management experience in a security-focused role
- Extensive experience with threat modeling methodologies (e.g., STRIDE, PASTA) and risk assessment, particularly within a SaaS or product-centric organization
- Deep expertise in Secure Software Development Lifecycles (SSDLC), including integrating security into agile and custom development frameworks
- Demonstrated experience running Security Champions programs and scaling developer engagement
- Experience leading offensive security programs (penetration testing, red teaming, bug bounty)
- Practical understanding of governance and assurance frameworks such as ISO 27001, SOC 2, and OWASP SAMM
- Familiarity with AI/LLM tooling (e.g., Cursor, GitHub Copilot, custom LLM integrations) and the associated security and governance considerations
- Experience working with AWS and securing API-driven, microservice-based architectures
- Ability to manage distributed teams and communicate effectively across technical and business stakeholders
Benefits
- Our global benefits package generally includes equity
- A wellbeing benefit
- A WFH equipment allowance
- An annual Learning & Development stipend
- Full benefits may differ per location