Included Health

Senior Manager, Application Security

Reposted 17 Hours Ago
Remote
Hiring Remotely in USA
188K-346K Annually
Senior level
The Senior Manager, Application Security leads teams focused on Product Security, Vulnerability Management, and Security Assessments while implementing application security strategies in a cloud-native environment.
The summary above was generated by AI
The Senior Engineering Manager, Application Security leads the teams responsible for Product Security, Vulnerability Management, and Security Assessments. This role is responsible for defining and executing the application security roadmap to protect member data (PHI) within a cloud-native environment, primarily AWS. The manager guides the team in building automated security solutions, maturing the secure SDLC, and partnering with engineering to embed security into the development process. This is a remote role reporting to the Chief Information Security Officer.

Responsibilities:

  • Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams, fostering a culture of engineering excellence and proactive security ownership.
  • Define and execute the application security roadmap, directly contributing to our top priority of preventing PHI exposure.
  • Serve as a technical leader and mentor, guiding the team's architectural decisions and fostering engineering excellence in languages like Go and Python.
  • Evolve our secure SDLC through the strategic implementation of SAST, DAST, and SCA tooling, focusing on actionable results and a positive developer experience.
  • Champion and guide the strategy for modern access control, including Just-In-Time (JIT) access and other least-privilege initiatives, in partnership with the Cloud Security team.
  • Oversee key security programs including threat modeling, bug bounty, penetration testing, and vulnerability management.
  • Partner with engineering and product leaders to ensure security and privacy are designed into our products from the very beginning.

Qualifications:

  • 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams.
  • A strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred).
  • Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python), with the ability to perform meaningful code reviews and guide technical architecture.
  • Demonstrated success leading vulnerability management programs, from detection through remediation and verification.
  • Deep experience with the tools and processes used to secure the SDLC, including SAST, DAST, SCA, and CI/CD pipeline integration.
  • Proven ability to run effective threat modeling exercises for complex applications and services.
  • Excellent communication skills, with the ability to articulate complex security risks and strategies to both technical and executive audiences.
  • Experience securing platforms in a regulated healthcare environment and deep familiarity with HIPAA and HITRUST controls.
  • Background in running external-facing security programs like bug bounty, responsible disclosure, or customer security reviews.
  • Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform, and an understanding of how they influence application security.
  • Experience navigating compliance frameworks beyond healthcare, such as ISO 27001 or SOC 2.

Physical/Cognitive Requirements:

  • Capability to remain seated in a stationary position for prolonged periods.
  • Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
  • Capability to work with leadership, employees, and members in an appropriate manner.

Pay:

The United States new hire base salary target ranges for this full-time position are:

Zone A: $188,270 - $265,930 + equity + benefits
Zone B: $207,097 - $292,523 + equity + benefits
Zone C: $225,924 - $319,116 + equity + benefits
Zone D: $244,751 - $345,709 + equity + benefits

This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.

Starting base salary for you will depend on several job-related factors, unique to each candidate, which may include education; training; skills; years and depth of experience; certifications and licensure; our needs; internal peer equity; organizational considerations; and understanding of geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive a fair and great compensation package based on their roles and locations. Your Recruiter can share your geographic zone upon inquiry.

Benefits & Perks:

Depending on the role, the compensation package may also include the following and more:

  • Remote-first culture
  • 401(k) savings plan through Fidelity
  • Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
  • Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
  • 12 weeks of 100% Paid Parental leave
  • Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
  • Work-From-Home reimbursement to support team collaboration and home office work

Your recruiter will share more about the salary range and benefits package for your role during the hiring process.

About Included Health

Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.

-----
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law.

Top Skills

AWS
CI/CD
DAST
Go
Python
SAST
SCA
Terraform
