Manager: Application Security Engineering Lead at Tek Experts

Responsibilities
Security Strategy & Leadership

• Define and execute the application security roadmap, ensuring alignment with enterprise security strategy and compliance obligations.
• Champion secure-by-design and DevSecOps practices across backend, frontend, mobile, cloud, and integration teams.
• Partner with engineering, product, and security stakeholders to balance speed-to-market with security and compliance.
• Stay ahead of emerging threats, tools, and frameworks relevant to application security.

Secure SDLC & DevSecOps Enablement

• Embed security into every stage of the software development lifecycle (SDLC).
• Oversee deployment of application security testing tools (SAST, DAST, IAST, SCA) within CI/CD pipelines.
• Drive adoption of secure coding practices, threat modelling, and code reviews.
• Establish policies and playbooks for secure development and release management.

Governance, Risk & Compliance

• Ensure applications comply with regulatory and industry standards (e.g., PCI DSS, GDPR, POPIA, ISO 27001, SOC 2).
• Oversee secure design reviews, penetration testing, and vulnerability remediation.
• Govern API security, identity management, and encryption standards across platforms.
• Partner with enterprise GRC (Governance, Risk & Compliance) to manage audits and security certifications.

Leadership & People Development

• Lead and mentor application security engineers, DevSecOps specialists, and secure coding champions.
• Build organizational expertise in secure development, cloud-native security, and API security.
• Foster a culture of security-first engineering through training, awareness, and technical leadership.
• Develop career pathways and succession planning for security-focused engineering talent.

Stakeholder & Vendor Management

• Collaborate with DevOps, cloud, and software engineering leads to ensure security alignment across platforms.
• Partner with external vendors and consultants for pen testing, code audits, and security toolchains.
• Represent application security in architecture boards, risk committees, and executive forums.
• Manage vendor relationships for AppSec platforms, scanners, and monitoring tools.

Qualifications
Education & Certifications

• Bachelor’s degree in Computer Science, Software Engineering, Information Security, or related field (mandatory).
• Postgraduate qualification (MSc in Cybersecurity, MBA) – advantageous.
• Professional Certifications (preferred/required): CISSP, CISM, or CISA; CSSLP, GWAPT, or OSWE; AWS/Azure/GCP Security certifications, Kubernetes Security Specialist; SAFe Practitioner, Scrum Master (advantageous).

Experience

• 8–12 years’ experience in software or security engineering, with at least 3–5 years in an application security leadership role.
• Proven track record in embedding security into large-scale enterprise software delivery.
• Hands-on experience with secure coding, API security, cryptography, and OWASP Top 10.
• Experience implementing SAST, DAST, IAST, and SCA tools into CI/CD pipelines.
• Strong exposure to cloud-native architectures, microservices, and containerized environments.
• Experience managing security audits, regulatory compliance, and third-party risk assessments.

Core Skills & Competencies

• Deep expertise in application security frameworks, secure SDLC, and DevSecOps.
• Strong knowledge of threat modelling, risk assessment, and security design reviews.
• Leadership ability to build and mentor security-focused engineering teams.
• Excellent stakeholder engagement skills, with the ability to influence engineering and executive leadership.
• Strong analytical and problem-solving abilities with a proactive, prevention-first mindset.