Manager, Application Security Engineering

Hi, We’re AppFolio We’re innovators, changemakers, and collaborators. We’re more than just a software company – we’re pioneers in cloud and AI who deliver magical experiences that make our customers’ lives easier. We’re revolutionizing how people do business in the real estate industry, and we want your ideas, enthusiasm, and passion to help us keep innovating. The Manager, Application Security Engineering is responsible for overseeing AppFolio’s world-class Application Security team, ensuring that AppFolio’s software products and features are secure. Your impact

• Manage a world-class Application Security team and drive their continued success.
• Collaborate with colleagues across the Organization including Product Development to ensure that software products and features are built and deployed securely.
• Lead and improve upon AppFolio’s robust Application Threat Modeling process.
• Identify and facilitate the mitigation of software vulnerabilities in AppFolio products.
• Establish and mature a Security Champions program.

Qualifications

• Demonstrates a servant leadership “multiplier” mindset to enhance an engaged and high-performing team.
• Asks the right questions, listens, collects and analyzes information, problem-solves, and makes clear, consistent decisions. Manages through change and ambiguity.
• Makes decisions in a timely manner, sometimes with incomplete information and under pressure, based upon a mixture of analysis, wisdom, experience, and judgment.
• Speaks and writes clearly and articulately without being overly verbose or talkative.
• Is a team player and easily gains trust and support of peers. Develops and uses collaborative relationships to facilitate the accomplishment of work.

Must have

• 3 or more years experience on a high-performing Application Security team.
• 1 or more years experience leading an Application Security team.
• Hands-on experience identifying, rating, and triaging web application security vulnerabilities (such as the OWASP Top Ten).
• Hands-on experience with security testing tools and technologies (e.g., SAST, DAST, SCA).
• Hands-on experience with web application penetration testing tools (e.g., Burp Proxy Suite, OWASP ZAP).
• Hands-on experience using LLMs and other AI capabilities, and an understanding of their strengths and weaknesses.

Nice to have

• Formal education in Information Security, Computer Science, Software Engineering, or Information Systems.
• Experience working with large-scale Ruby on Rails applications.
• Experience with Software maturity frameworks (e.g. OWASP SAMM).

Location Find out more about our locations by visiting our site. Compensation & Benefits The compensation that we reasonably expect to pay for this role is: $184,000 - $230,000 base pay. The actual compensation for this role will be determined by a variety of factors, including but not limited to the candidate’s skills, education, experience, and internal equity. Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type. Regular full-time employees are eligible for benefits - see here. #LI-KB1 Apply tot his job Apply To this Job