The Senior Manager, Application Security leads teams focused on Product Security, Vulnerability Management, and Security Assessments while implementing application security strategies in a cloud-native environment.
The Senior Engineering Manager, Application Security leads the teams responsible for Product Security, Vulnerability Management, and Security Assessments. This role is responsible for defining and executing the application security roadmap to protect member data (PHI) within a cloud-native environment, primarily AWS. The manager guides the team in building automated security solutions, maturing the secure SDLC, and partnering with engineering to embed security into the development process. This is a remote role reporting to the Chief Information Security Officer.
Responsibilities:
- Manage, mentor, and grow the Application Security, Vulnerability Management, and Security Assessment teams, fostering a culture of engineering excellence and proactive security ownership.
- Define and execute the application security roadmap, directly contributing to our top priority of preventing PHI exposure.
- Serve as a technical leader and mentor, guiding the team's architectural decisions and fostering engineering excellence in languages like Go and Python.
- Evolve our secure SDLC through the strategic implementation of SAST, DAST, and SCA tooling, focusing on actionable results and a positive developer experience.
- Champion and guide the strategy for modern access control, including Just-In-Time (JIT) access and other least-privilege initiatives, in partnership with the Cloud Security team.
- Oversee key security programs including threat modeling, bug bounty, penetration testing, and vulnerability management.
- Partner with engineering and product leaders to ensure security and privacy are designed into our products from the very beginning.
Qualifications:
- 8+ years of experience in security engineering, with at least 3+ years as a direct people manager leading security teams.
- A strong track record of building and scaling Application Security programs in cloud-native SaaS environments (AWS strongly preferred).
- Hands-on-keyboard proficiency in a modern programming language (e.g., Go, Python), with the ability to perform meaningful code reviews and guide technical architecture.
- Demonstrated success leading vulnerability management programs, from detection through remediation and verification.
- Deep experience with the tools and processes used to secure the SDLC, including SAST, DAST, SCA, and CI/CD pipeline integration.
- Proven ability to run effective threat modeling exercises for complex applications and services.
- Excellent communication skills, with the ability to articulate complex security risks and strategies to both technical and executive audiences.
- Experience securing platforms in a regulated healthcare environment and deep familiarity with HIPAA and HITRUST controls.
- Background in running external-facing security programs like bug bounty, responsible disclosure, or customer security reviews.
- Familiarity with Infrastructure as Code (IaC) principles and tools like Terraform, and an understanding of how they influence application security.
- Experience navigating compliance frameworks beyond healthcare, such as ISO 27001 or SOC 2.
Physical/Cognitive Requirements:
- Capability to remain seated in a stationary position for prolonged periods.
- Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
- Capability to work with leadership, employees, and members in an appropriate manner.
Pay:
The United States new hire base salary target ranges for this full-time position are:
Zone A: $188,270 - $265,930 + equity + benefits
Zone B: $207,097 - $292,523 + equity + benefits
Zone C: $225,924 - $319,116 + equity + benefits
Zone D: $244,751 - $345,709 + equity + benefits
This range reflects the minimum and maximum target for new hire salaries for candidates based on their respective Zone. Below is additional information on Included Health's commitment to maintaining transparent and equitable compensation practices across our distinct geographic zones.
Starting base salary for you will depend on several job-related factors, unique to each candidate, which may include education; training; skills; years and depth of experience; certifications and licensure; our needs; internal peer equity; organizational considerations; and understanding of geographic and market data. Compensation structures and ranges are tailored to each zone's unique market conditions to ensure that all employees receive fair and great compensation package based on their roles and locations. Your Recruiter can share your geographic zone upon inquiry.
Benefits & Perks:
In addition to receiving a great compensation package, the compensation package may include, depending on the role, the following and more:
Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Paid Time Off ("PTO") and Discretionary Time Off (“DTO")
12 weeks of 100% Paid Parental leave
Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
Work-From-Home reimbursement to support team collaboration home office work
Your recruiter will share more about the salary range and benefits package for your role during the hiring process.
About Included Health
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. We’re on a mission to raise the standard of healthcare for everyone. We break down barriers to provide high-quality care for every person in every community — no matter where they are in their health journey or what type of care they need, from acute to chronic, behavioral to physical. We offer our members care guidance, advocacy, and access to personalized virtual and in-person care for everyday and urgent care, primary care, behavioral health, and specialty care. It’s all included. Learn more at includedhealth.com.
-----
Included Health is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, state, or local law. Included Health considers all qualified applicants with arrest or conviction records in accordance with the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance, and California law.
Top Skills
AWS
Ci/Cd
Dast
Go
Python
Sast
Sca
Terraform
Similar Jobs
Cloud • Security • Software • Cybersecurity • Automation
This role entails leading product marketing for GitLab's security portfolio, developing messaging, demand generation, and go-to-market strategies while collaborating with cross-functional teams to drive revenue growth.
Top Skills:
AICompliance FrameworksDastDevsecopsHipaaIso 27001PciSastScaSlsaSoc 2
Artificial Intelligence • Healthtech • Telehealth
The Labor & Trust Sales Director manages the sales cycle for Labor & Trust opportunities, builds partnerships, drives new business, and meets sales targets while promoting mental health solutions.
Fintech • Machine Learning • Payments • Software • Financial Services
Lead the travel service team at Velocity Black, driving sales and service targets. Collaborate across departments, analyze performance metrics, and manage member escalations while ensuring an exceptional travel experience for clients.
What you need to know about the Los Angeles Tech Scene
Los Angeles is a global leader in entertainment, so it’s no surprise that many of the biggest players in streaming, digital media and game development call the city home. But the city boasts plenty of non-entertainment innovation as well, with tech companies spanning verticals like AI, fintech, e-commerce and biotech. With major universities like Caltech, UCLA, USC and the nearby UC Irvine, the city has a steady supply of top-flight tech and engineering talent — not counting the graduates flocking to Los Angeles from across the world to enjoy its beaches, culture and year-round temperate climate.
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
