Who We Are
What We Do
WhatYou’llDo:
Define, build, and evolve the enterprise Application Security (AppSec) strategy and roadmap aligned to business priorities and risk posture
Own and scale the AppSec program, including secure SDLC standards, policies, and governance across all applications and platforms
Partner with engineering and platform teams to integrate security into CI/CD pipelines, tooling, and developer workflows
Drive threat modeling, security architecture reviews, and vulnerability management toidentifyand mitigate application-layer risks
Evaluate, implement, andoptimizeAppSec tooling (SAST, DAST, SCA, API security, container security) and automate security processes at scale
Build, mentor, and lead a high-performing team of application security engineers and specialists
Collaborate with Engineering, Product, Cloud, Infrastructure, and GRC teams to embed security into product design and delivery
Establish and track key security metrics to measure program effectiveness and communicate risk posture to leadership
Ensure applications meet security, regulatory, and audit requirements while supporting internal and external assessments
Promote a developer-centric security culture through education, training, and security best practice adoption
WhatYou’llBring:
8+ years of experience in application security, security engineering, or related cybersecurity roles
3+ years of experience leading or managing teams in a security or engineering organization
Strongexpertisein secure application development, including secure coding, threat modeling, and SDLC integration
Deep understanding of modern application architectures (microservices, APIs, cloud-native, distributed systems)
Experience implementingDevSecOpspractices and integrating security into CI/CD pipelines
Hands-on experience with application security tools (SAST, DAST, SCA, container security, API security)
Demonstrated ability to assess and prioritize risk, and drive remediation across engineering teams
Strong cross-functional communication and stakeholder management skills
Proven ability to influence engineering teams and drive adoption of security practices
Bachelor's degree in computer science, Information Security, or related field (or equivalent experience)
Ideally,You’llAlso Have Experience With:
Operating in a regulated environment (financial services, fintech, or similar)
Cloud platforms (AWS, Azure, or GCP) and cloud security best practices
Zero Trust architecture and modern identity/security models
** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **
First American will consider for employment all qualified applicants, including those wi