Engineering Manager, Application Security (AppSec)
Job description
TL;DR
Engineering Manager, Application Security (AppSec): Lead the team redesigning AI-assisted AppSec workflows for a real estate transaction platform, with an emphasis on automated pen-testing pipelines, AI-driven vulnerability triage, and continuous red-teaming. Focus on scaling security coverage per engineer, embedding security in the development lifecycle, and defining a multi-quarter AI-augmented security strategy.
Location: Remote work eligible. Offices in San Francisco, CA; Concord, NH; Austin, TX.
Salary: $210,000-$240,000 base annual plus equity and benefits.
Company
Leading B2B real estate technology platform connecting homebuyers, sellers, lenders, title agents, and real estate agents on a shared digital closing platform.
What you will do
- Lead and grow the Application Security team, coaching engineers, setting goals, and delivering on the security roadmap.
- Build automated pen-testing pipelines with AI-assisted offensive testing on services, APIs, and web properties.
- Design AI workflows to scale triage of vulnerability findings from bug bounties, scanners, and reports.
- Review engineering proposals and RFCs across product teams to flag risks early and enable secure-by-default shipping.
- Run recurring red-teaming exercises, both internal and with vendors, integrating findings into detection and hardening.
- Partner with leadership to own AppSec vision including anomaly detection, threat modeling, and AI defense strategies.
- Lead incident response from the AppSec side and mentor/hire strong engineers.
Requirements
- 5+ years as a security or full-stack engineer on production systems, plus 2+ years managing a security or platform team.
- Hands-on in application security: threat modeling, code review, offensive security (pen testing or red team).
- Track record shipping automation, ideally with LLMs, agents, or ML in security/engineering workflows.
- Experience across full security lifecycle: prevention, detection, response, recovery.
- Strong written communication and product sense with measurable impact focus.
- Fintech, real estate tech, or regulated high-liability domain experience preferred.
Nice to have
- Background in anomaly-detection systems on traffic, logs, or transactions.
- Published research, CVEs, or talks in AppSec, offensive security, or AI security.
- Familiarity with AI-enabled threats like prompt injection or agent exploitation.
Culture & Benefits
- Comprehensive health plans, 401k, commuter benefits, parental leave, flexible time off.
- Robust onboarding, biweekly all-hands, internal virtual events.
- Mission-driven team focused on technology solving real-world problems; emphasis on diversity and inclusion.