Security Engineering Manager

We are seeking a Security Engineering Manager to lead and evolve our security engineering function within a growing financial risk and advisory SaaS business. This role is ideal for an engineering-first leader who thrives in a hands-on environment and is motivated to build, scale, and mature security capabilities in a cloud-native platform.

You will lead a small but growing team, while remaining deeply technical—designing and implementing security controls across cloud infrastructure, applications, and CI/CD pipelines. You will play a critical role in strengthening our security posture, ensuring compliance with SOC 2 requirements, and enabling engineering teams to build securely at scale.

What You’ll Do

• Lead and grow the Security Engineering function, starting as a player-coach and scaling the team over time 

• Design, build, and implement security controls across Azure-based cloud infrastructure, containerized environments, and .NET applications 

• Establish and mature cloud security and application security practices, including secure architecture patterns and threat modeling 

• Secure the software development lifecycle (SDLC) by integrating security into CI/CD pipelines and developer workflows 

• Own and manage third-party penetration testing, including vendor coordination, scope definition, and remediation tracking 

• Develop and deliver secure coding training and guidance to engineering teams, driving adoption of best practices 

• Build and maintain auditable security controls aligned with SOC 2 requirements,partner closely with internal stakeholders and external auditors 

• Collaborate cross-functionally with Engineering, DevOps, and Compliance to embed security into the development and delivery process 

• Evaluate, implement, and operate security tooling, with a focus on automation and scalability (shifting from building to optimizing over time) 

• Implement and manage cloud security scanning and posture management, including continuous monitoring for misconfigurations, vulnerabilities, and drift across Azure environments 

• Identify and address emerging risks related to AI/LLM usage, including vulnerability management, secure integration practices, and guidance for engineering teams adopting AI capabilities

• Remain hands-on—able to dive into technical challenges, review architecture, and contribute directly when needed 

​What Success Looks Like (First 12 Months)

• Strengthened and matured cloud and application security practices across the organization

• Implemented robust policy scanningand vulnerability management practices

• Implemented effective security controls within CI/CD pipelines and development workflows 

• Established and maintained robust, auditable controls aligned to SOC 2 requirements 

What You Bring

• 7+ years of experience in security engineering, with a strong foundation in software or cloud engineering 

• Proven experience leading or mentoring engineers, with a desire to build and scale a team 

• Deep hands-on expertise in cloud security (Azure required; AWS familiarity preferred) 

• Experience securing modern application stacks, including .NET applications and containerized environments

• Strong understanding of application security principles, including secure coding practices, threat modeling, and common vulnerabilities (OWASP Top 10) 

• Experience integrating security into CI/CD pipelines and developer tooling 

• Familiarity with SOC 2 controls, including designing and implementing auditable technical controls and working with auditors 

• Experience managing or working with third-party penetration testing vendors 

• Strong problem-solving skills with the ability to operate both strategically and tactically 

• Experience with security tooling such as SAST, DAST, container scanning, and cloud security posture management (CSPM)

• Excellent collaboration and communication skills, particularly in working with engineering teams