Application Security Manager

Unily partners with the world’s largest and most complex enterprises to power Organizational Velocity through digital Employee Experience transformation. Iconic brands, including Estée Lauder Companies, CVS Health, and British Airways, use Unily’s market-leading Employee Experience platform to improve productivity, streamline communication, and foster a highly connected workplace.

As we continue to expand our market share in the rapidly emerging Employee Experience platform category, we are looking for an Application Security Manager. This role is responsible for building and executing a comprehensive application security programme that combines strategic oversight with hands-on technical execution. The Application Security Manager ensures that security is embedded throughout the software development lifecycle (SDLC), enabling Unily to deliver secure products at speed.

Main Responsibilities:

• Define and maintain secure development policies and privacy by design requirements
• Own the risk acceptance and escalation process, maintaining the risk register
• Develop and measure the application security strategy leveraging frameworks such as OWASP SAMM
• Support RFPs and sales responses on application security matters
• Lead and coordinate external penetration testing engagements and remediation follow up
• Drive risk-based prioritisation, assigning and validating CVSS scores
• Deliver and manage secure development training programs
• Conduct and facilitate threat modelling and architecture and design security reviews
• Perform or coordinate application security testing
• Generate and manage software bills of materials (SBOMs) to manage supply chain risks
• Ensure build verification and oversee IaC and container/Kubernetes scanning within pipelines
• Provide guidance on secure cloud-native architectures
• Evaluate and apply security testing tools and techniques (e.g. Burpsuite, fuzzing, IaC scanners, Static Analysers)
• Contribute to security metrics, reports and dashboards
• Collaborate with engineering, operations and product teams to embed security best practices throughout the whole SDLC

Requirements:

• Proven experience in application security
• Strong knowledge of secure software development practices, DevSecOps and CI/CD security integration
• Hands-on experience with application security testing tools and techniques (e.g. SAST, DAST, Dependency checkers, IaC scanners, secret detection, container security tools)
• Understanding of threat modelling, architecture and design reviews and offensive security principles
• Familiarity with compliance and regulatory frameworks
• Experience with risk acceptance processes, CVSS scoring and vulnerability management
• Experience managing external penetration testing vendors
• Familiarity with SBOMs and software supply chain security
• Strong background in cloud and container security
• Ability to communicate with technical and non-technical stakeholders
• Knowledge of data privacy regulations and GDPR, and how they intersect with application security
• Certifications such as CISSP, CSSLP, OSWE, OSCP or equivalents
• Degree in computer science, cyber security, related fields or equivalent experience

We are united by a shared purpose and are committed to truly understanding each other. We know that everyone is unique and has their own story. We strive to have a diverse workforce that embraces and celebrates one another. We are united in building connections and curious to learn from each other so that we continue to grow together to build the workplace of tomorrow.

Why Work For Unily?

• Our awesome team culture. We are focused on achieving results as a team and having fun while we do it.
• Our industry leading product. We are very proud of our ever-evolving product, naturally we use (and love) it internally and provide the tools and resources for you (and our clients) to become a Unily expert.
• The flexibility that we offer. We operate on a hybrid basis, and also recognize that life happens during the 9-5.30 and encourage a sustainable work/life balance.
• Our bright and modern office spaces. When you need to be in the office we want it to be like being at home.
• We offer a fantastic suite of benefits. Including 25 days holiday plus an extra paid day off to enjoy your birthday, Vitality life cover, Aviva pension, life assurance, income protection and more.
• Our commitment to sustainability and giving back to the community.