Job VC
Lead DevSecOps / Application Security Lead
About the Role
We are looking for an experienced Lead DevSecOps / Application Security professional to drive secure software development practices, strengthen application security posture, and lead security initiatives across modern cloud-native environments. This role combines hands-on technical leadership with strategic ownership of security processes, risk management, and compliance initiatives.
Responsibilities
Lead and mentor a team of security professionals, fostering a strong security culture across engineering and operational teams.
Build, enhance, and continuously refine security systems, processes, and governance frameworks.
Drive the implementation of technical, operational, people, and audit controls to mitigate organizational risk.
Manage security initiatives, prioritize activities based on business impact and risk exposure, and define measurable objectives.
Develop, maintain, and evolve the organization's cybersecurity strategy.
Oversee the implementation and enforcement of security policies, standards, and guidelines.
Partner closely with engineering teams to integrate security throughout the Software Development Lifecycle (SSDLC) and promote shift-left security practices.
Conduct threat modeling, security design reviews, vulnerability assessments, and remediation planning.
Establish and improve vulnerability management processes, ensuring timely identification and resolution of security issues.
Ensure compliance with applicable regulatory and industry frameworks, including PCI, SOX, and security controls aligned with ISO and ITIL practices.
Guide the development, testing, and maintenance of incident response and disaster recovery plans.
Monitor emerging security threats, trends, and technologies, applying relevant improvements to security controls and processes.
Support secure cloud-native delivery practices, including containerized environments, Infrastructure as Code (IaC), CI/CD pipelines, and software supply chain security.
Requirements (Must-Have)
8+ years of hands-on experience in Application Security, Product Security, DevSecOps, or related security engineering roles.
Proven experience collaborating directly with software engineering teams to improve application security posture.
Strong practical experience with AppSec tooling, including:
SAST (Static Application Security Testing)
SCA (Software Composition Analysis)
Code scanning solutions
GitHub and GitHub Advanced Security
SonarQube
Dependabot
CI/CD security integrations
Ability to review source code, assess real-world risk, and drive practical, business-oriented remediation efforts.
Strong understanding of SSDLC and shift-left security methodologies.
Experience conducting threat modeling, security architecture reviews, and vulnerability management activities.
Deep knowledge of application and API security, including:
Authentication and Authorization (AuthN/AuthZ)
Secrets management
Dependency and third-party risk management
Injection vulnerabilities
Data protection principles
Experience with cloud-native development and delivery environments, including containers, Infrastructure as Code, Git-based workflows, automation, and technical documentation.
Strong communication and stakeholder management skills, with the ability to influence technical and business audiences.
Nice to Have
Experience with Infrastructure as Code (IaC) security scanning.
Container and container image security expertise.
Software supply chain security experience.
Advanced secrets management knowledge.
AWS cloud security experience.
Experience working within regulated, compliance-driven, audit-sensitive, or business-critical environments.
Familiarity with PCI DSS, SOX, ISO 27001, ITIL, and related governance frameworks.
What AppRecode offers
20 days of paid annual leave plus public holidays.
5 paid sick days per year.
Remote-first work environment.
Friendly and supportive team culture.
Personal development plans and access to experienced mentors and technical leaders.
Reimbursement for sports activities and professional certifications (after probation).
Ongoing learning opportunities: internal trainings and knowledge-sharing sessions.
Free English classes if you want to further improve your communication skills.