Application Security Engineering Manager

Location: Europe remote or London hybrid

About the role: As our engineering and research organisation grows, so does the complexity of securing it. Our Application Security team is at the forefront of that challenge — building AI-native security tooling, embedding security into the development lifecycle at scale, and finding ways to make a small, highly capable team punch well above its weight. We're looking for an Engineering Manager to lead and grow the AppSec team. This is not a coordination role. You’ll be leading a team of exceptionally senior and staff-level engineers who are deeply self-directed and technically excellent. To earn their trust and enable their best work, you need to be genuinely close to the craft — able to engage at depth on threat modelling, agentic security tooling, SDLC design, and application risk. You’ll also own AppSec strategy and be accountable for how the function scales alongside a product organisation that is growing fast and leaning heavily into AI-assisted development.

Important note: Anyone working as a manager within the Infosec team will need to follow the Infosec Team Management Tenets.

Key Responsibilities:

• Lead, support, enable and grow the AppSec team — owning hiring, onboarding, performance, and career development for a team of Senior and Staff-level Security Engineers.
• Own the formalisation of AppSec strategy and roadmap, translating team input, business risk and engineering context into a clear, prioritised programme of work with measurable outcomes.
• Be a credible technical partner to your team — engage substantively on threat models, security architecture, agentic tooling design, and risk decisions, and be willing to get into the details when it matters.
• Define and maintain the team's operating rhythm: OKRs, quarterly planning, cross-team coordination, and stakeholder communication up to leadership.
• Act as a key interface between AppSec and the rest of the organisation and leadership — build relationships with business leadership, engineering leads, the Developer Platform team, Architecture Working Group, and partner functions like Legal and Moderation, to embed security into how Synthesia builds.
• Participate in maintaining and evolving Synthesia's approach to AI-assisted development security, including how we secure our own use of agentic coding tools and how we assess the security of AI-generated code.
• Own AppSec's relationship with the broader Security function, ensuring tight alignment between AppSec and other Infosec teams on shared risks, incidents, and cross-cutting initiatives.
• Represent AppSec externally where relevant — with customers, auditors, and in the context of compliance programmes such as SOC2 and ISO 42001.

What's in it for you:

• Lead a small, senior team with high autonomy, focusing on creating leverage rather than running a ticket queue.
• Work in a leading AI company with high growth and a very friendly culture — it’s a fun ride.
• Build and ship AI-native/agentic security tooling end-to-end, from prototypes to production systems that materially change how engineering works.
• Operate at the intersection of product, platform, and security architecture, with scope to shape how secure-by-default looks in a rapidly scaling AI company.

Experience & Qualifications:

• You’re a Security Engineer first, who has grown into leadership.
• You’re comfortable in the details and know when to roll up your sleeves, but you’ve also developed the organisational instincts to run a team effectively and the strategic clarity to own a function.
• You’re a strong communicator who can operate across audiences — from deeply technical discussions with staff engineers, to clear risk framing for leadership, to pragmatic negotiation with product and engineering partners.
• You have a strong engineering background in application security, with hands‑on experience in areas such as threat modelling, secure design review, (AI‑)SAST/SCA tooling, vulnerability management, and/or security automation.
• You are very comfortable with Python and JavaScript.
• You have experience with AWS and/or GCP from a cloud infrastructure perspective, and you know your way around GitHub Actions.
• You have meaningful people‑management experience — you’ve hired, grown, and performance‑managed security engineers, and you understand what good looks like at senior IC levels.
• You’ve led or significantly contributed to an AppSec programme in a fast‑growing SaaS or AI company, ideally where the engineering organisation was scaling faster than the security team.
• You have a genuine point of view on AI-native security engineering — how LLMs and agentic tools change the attack surface, and how to use them defensively.
• You’ve worked in an environment with a mature engineering culture and understand how to embed security as a collaborative partner rather than a gate.

Bonus Points For:

• Experience with Kubernetes from an operational/security perspective.
• Familiarity with any of the tools in our current stack: Semgrep, Wiz, CrowdStrike, HackerOne, Claude Code, Cursor, GitHub Actions, StepSecurity.
• Prior experience as a Staff or Principal security engineer before moving into management.

At Synthesia we expect everyone to…

• Be an owner.
• Focus on outcomes over inputs and plans.
• Make the journey fun.
• Default to simple.

Benefits:

• A flexible, remote friendly role based out of Europe or one of our hubs in London, Copenhagen, Munich, or Zurich.
• 25 days of annual leave + public holidays in the country where you are based.
• A generous referral scheme.
• Work from home set up.
• At Synthesia, you can work from anywhere (within reason) in the world for up to 60 days per year.
• A huge opportunity for career growth as you’ll help shape a market-defining product.