Security Engineering Manager

We are seeking a Security Engineering Manager to lead and evolve our security engineering function within a growing financial risk and advisory SaaS business. This role is ideal for an engineering-first leader who thrives in a hands-on environment and is motivated to build, scale, and mature security capabilities in a cloud-native platform.

You will lead a small but growing team, while remaining deeply technical-designing and implementing security controls across cloud infrastructure, applications, and CI/CD pipelines. You will play a critical role in strengthening our security posture, ensuring compliance with SOC 2 requirements, and enabling engineering teams to build securely at scale.

What You'll Do

• Lead and grow the Security Engineering function, starting as a player-coach and scaling the team over time

• Design, build, and implement security controls across Azure-based cloud infrastructure, containerized environments, and .NET applications

• Establish and mature cloud security and application security practices, including secure architecture patterns and threat modeling

• Secure the software development lifecycle (SDLC) by integrating security into CI/CD pipelines and developer workflows

• Own and manage third-party penetration testing, including vendor coordination, scope definition, and remediation tracking

• Develop and deliver secure coding training and guidance to engineering teams, driving adoption of best practices

• Build and maintain auditable security controls aligned with SOC 2 requirements, partner closely with internal stakeholders and external auditors

• Collaborate cross-functionally with Engineering, DevOps, and Compliance to embed security into the development and delivery process

• Evaluate, implement, and operate security tooling, with a focus on automation and scalability (shifting from building to optimizing over time)

• Implement and manage cloud security scanning and posture management, including continuous monitoring for misconfigurations, vulnerabilities, and drift across Azure environments

• Identify and address emerging risks related to AI/LLM usage, including vulnerability management, secure integration practices, and guidance for engineering teams adopting AI capabilities

• Remain hands-on-able to dive into technical challenges, review architecture, and contribute directly when needed

What Success Looks Like (First 12 Months)

• Strengthened and matured cloud and application security practices across the organization

• Implemented robust policy scanning and vulnerability management practices

• Implemented effective security controls within CI/CD pipelines and development workflows

• Established and maintained robust, auditable controls aligned to SOC 2 requirements

What You Bring

• 7+ years of experience in security engineering, with a strong foundation in software or cloud engineering

• Proven experience leading or mentoring engineers, with a desire to build and scale a team

• Deep hands-on expertise in cloud security (Azure required; AWS familiarity preferred)

• Experience securing modern application stacks, including .NET applications and containerized environments

• Strong understanding of application security principles, including secure coding practices, threat modeling, and common vulnerabilities (OWASP Top 10)

• Experience integrating security into CI/CD pipelines and developer tooling

• Familiarity with SOC 2 controls, including designing and implementing auditable technical controls and working with auditors

• Experience managing or working with third-party penetration testing vendors

• Strong problem-solving skills with the ability to operate both strategically and tactically

• Experience with security tooling such as SAST, DAST, container scanning, and cloud security posture management (CSPM)

• Excellent collaboration and communication skills, particularly in working with engineering teams