The Senior Manager, Application Security leads teams focused on Product Security, Vulnerability Management, and Security Assessments while implementing application security strategies in a cloud-native environment.
The Senior Engineering Manager, Application Security leads the teams responsible for Product Security, Vulnerability Management, and Security Assessments. This role is responsible for defining and executing the application security roadmap to protect member data (PHI) within a cloud-native environment, primarily AWS. The manager guides the team in building automated security solutions, maturing the secure SDLC, and partnering with engineering to embed security into the development process. This is a remote role reporting to the Chief Information Security Officer.
Responsibilities:
- Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams, fostering a culture of engineering excellence and proactive security ownership.
- Define and execute the application security roadmap, directly contributing to our top priority of preventing PHI exposure.
- Serve as a technical leader and mentor, guiding the team's architectural decisions and fostering engineering excellence in languages like Go and Python.
- Evolve our secure SDLC through the strategic implementation of SAST, DAST, and SCA tooling, focusing on actionable results and a positive developer experience.
- Champion and guide the strategy for modern access control, including Just-In-Time (JIT) access and other least-privilege initiatives, in partnership with the Cloud Security team.
- Oversee key security programs including threat modeling, bug bounty, penetration testing, and vulnerability management.
- Partner with engineering and product leaders to ensure security and privacy are designed into our products from the very beginning.
Qualifications:
- 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams.
- A strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred).
- Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python), with the ability to perform meaningful code reviews and guide technical architecture.
- Demonstrated success leading vulnerability management programs, from detection through remediation and verification.
- Deep experience with the tools and processes used to secure the SDLC, including SAST, DAST, SCA, and CI/CD pipeline integration.
- Proven ability to run effective threat modeling exercises for complex applications and services.
- Excellent communication skills, with the ability to articulate complex security risks and strategies to both technical and executive audiences.
- Experience securing platforms in a regulated healthcare environment and deep familiarity with HIPAA and HITRUST controls.
- Background in running external-facing security programs like bug bounty, responsible disclosure, or customer security reviews.
- Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform, and an understanding of how they influence application security.
- Experience navigating compliance frameworks beyond healthcare, such as ISO 27001 or SOC 2.
Physical/Cognitive Requirements:
- Capability to remain seated in a stationary position for prolonged periods.
- Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
- Capability to work with leadership, employees, and members in an appropriate manner.
Pay:
The United States new hire base salary target ranges for this full-time position are:
Zone A: $188,270 - $265,930 + equity + benefits
Zone B: $207,097 - $292,523 + equity + benefits
Zone C: $225,924 - $319,116 + equity + benefits
Zone D: $244,751 - $345,709 + equity + benefits
This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.
Starting base salary for you will depend on several job-related factors, unique to each candidate, which may include education; training; skills; years and depth of experience; certifications and licensure; our needs; internal peer equity; organizational considerations; and understanding of geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive a fair and great compensation package based on their roles and locations. Your Recruiter can share your geographic zone upon inquiry.
Benefits & Perks:
In addition to receiving a great compensation package, the compensation package may include, depending on the role, the following and more:
- Remote-first culture
- 401(k) savings plan through Fidelity
- Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
- Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
- 12 weeks of 100% Paid Parental leave
- Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
- Work-From-Home reimbursement to support team collaboration and home office work
Your recruiter will share more about the salary range and benefits package for your role during the hiring process.
About Included Health
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.
-----
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law.
Top Skills
- AWS
- CI/CD
- DAST
- Go
- Python
- SAST
- SCA
- Terraform
