Application Security Lead / Manager

About Iru Iru is the AI-powered security & IT platform used by the world’s fastest-growing companies to secure their users, apps, and devices. Built for the AI era, Iru unifies identity & access, endpoint security & management, and compliance automation—collapsing the stack and giving IT & security time and control back. Iru is backed by some of the smartest investors in tech—General Catalyst, Tiger Global, Felicis, Greycroft, and First Round Capital. In July 2024, Iru raised $100 million from General Catalyst, valuing the company at $850 million. Customers include Notion, Cursor, Lovable, Replit, and Mercor, and Iru partners with industry leaders such as ServiceNow and AWS. Iru was named to Forbes’ America’s Best Startup Employers 2025 list for employee engagement and satisfaction. The Opportunity Iru is seeking an experienced and hands-on Application Security Lead / Manager to own and mature our Application Security program. This role will serve as the operational leader for AppSec, partnering closely with Engineering, Product, and Security leadership to ensure security is embedded throughout the software development lifecycle. The ideal candidate combines strong technical application security expertise with the ability to influence engineering teams, drive remediation accountability, and scale security processes in a fast-moving environment. This position is critical to strengthening our security posture, reducing risk, and enabling engineering teams to deliver secure products at speed. Benefits & Perks Competitive salary Hybrid work environment (3 days in office per week) 100% individual and dependent medical + dental + vision coverage 401(K) with a 4% company match 20 days PTO Iru Wellness Week the first week in July Equity for full-time employees In-office lunch stipend provided Up to 16 weeks of paid leave for new parents Paid Family and Medical Leave Modern Health mental health benefits for individuals and dependents Fertility benefits Working Advantage employee discounts Onsite fitness center Free parking Exciting opportunities for career growth We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you. At Iru, we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences. Iru is proud to be an equal opportunity employer committed to diversity and inclusion in the workplace. Qualified applicants will be considered for employment without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, physical or mental disability, protected veteran or military status or any other status protected by applicable law. #LI-Hybrid Responsibilities Application Security Program Ownership Own and manage the Application Security program and secure software development lifecycle (SSDLC). Establish, maintain, and continuously improve application security standards, policies, and procedures. Ensure security requirements are integrated into engineering roadmaps and development processes. Security Assessments & Threat Modeling Conduct technical security reviews and application security assessments. Lead threat modeling initiatives across products and platforms. Identify architectural and design-level security risks and partner with engineering teams on mitigation strategies. Vulnerability Management & Remediation Drive the end-to-end vulnerability management lifecycle for applications and services. Establish remediation priorities and accountability across engineering teams. Track, report, and improve vulnerability remediation performance and risk reduction metrics. Penetration Testing & Offensive Security Manage external penetration testing engagements and red team activities. Coordinate findings validation, remediation planning, and closure activities. Ensure testing results are translated into actionable security improvements. Security Tooling & CI/CD Integration Oversee implementation and optimization of application security tooling, including: SAST DAST Software Composition Analysis (SCA) Secrets detection Infrastructure-as-Code scanning Integrate security controls and automated testing into CI/CD pipelines. Continuously improve security gates while maintaining developer productivity. Engineering Partnership & Enablement Serve as the primary security partner to Engineering leadership. Drive security awareness and secure coding practices across development teams. Build scalable processes that enable engineers to identify and address security issues efficiently. Promote a culture of shared security ownership. Minimum Qualifications 7+ years of experience in Application Security, Product Security, or Security Engineering. Strong understanding of secure software development practices and modern application architectures. Experience performing threat modeling, security assessments, and code review activities. Hands-on experience with vulnerability management and remediation programs. Experience managing external penetration testing engagements. Deep familiarity with modern AppSec tooling and CI/CD security integration. Strong communication skills with the ability to influence engineering and product stakeholders. Preferred Qualifications Experience leading or building AppSec programs in cloud-native environments. Knowledge of AWS, Azure, or GCP security best practices. Experience with DevSecOps methodologies and automation. Relevant security certifications such as CISSP, CSSLP, GWAPT, GWEB, or OSCP. Success Metrics Success in this role will be measured by: Reduction in critical and high-severity security vulnerabilities. Improved Mean Time to Remediation (MTTR). Increased developer adoption and engagement with security programs. Reduction in recurring security findings across products. Effectiveness and integrity of pull request security gates. Maturity and efficacy of security review pipelines. Successful integration of security requirements into engineering planning and delivery.

{
  "content_hash": "d3d696df2eacdea7ee3250da84940b1457482d8df5799a865e77f3323ab6fc8b",
  "source_hash": "34204c641292c25d606dc56d61b3207e9ff3cd372556261ca8fcea5b82fde175",
  "last_changed_at": "2026-06-06T07:55:25.996Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Miami",
    "city": "Miami",
    "region": "FL",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T19:42:37.007Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Miami",
      "city": "Miami",
      "region": "FL",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": null,
  "workplace_type": "hybrid",
  "salary_currency": null
}

{}

{
  "lists": [
    {
      "text": "Responsibilities",
      "content": "<div>\n<h3><strong>Application Security Program Ownership</strong></h3>\n\n<li>Own and manage the Application Security program and secure software development lifecycle (SSDLC).</li>\n<li>Establish, maintain, and continuously improve application security standards, policies, and procedures.</li>\n<li>Ensure security requirements are integrated into engineering roadmaps and development processes.</li>\n\n<h3><strong>Security Assessments &amp; Threat Modeling</strong></h3>\n\n<li>Conduct technical security reviews and application security assessments.</li>\n<li>Lead threat modeling initiatives across products and platforms.</li>\n<li>Identify architectural and design-level security risks and partner with engineering teams on mitigation strategies.</li>\n\n<h3><strong>Vulnerability Management &amp; Remediation</strong></h3>\n\n<li>Drive the end-to-end vulnerability management lifecycle for applications and services.</li>\n<li>Establish remediation priorities and accountability across engineering teams.</li>\n<li>Track, report, and improve vulnerability remediation performance and risk reduction metrics.</li>\n\n<h3><strong>Penetration Testing &amp; Offensive Security</strong></h3>\n\n<li>Manage external penetration testing engagements and red team activities.</li>\n<li>Coordinate findings validation, remediation planning, and closure activities.</li>\n<li>Ensure testing results are translated into actionable security improvements.</li>\n\n<h3><strong>Security Tooling &amp; CI/CD Integration</strong></h3>\n\n<li>Oversee implementation and optimization of application security tooling, including:\n\n</li><li>SAST</li>\n<li>DAST</li>\n<li>Software Composition Analysis (SCA)</li>\n<li>Secrets detection</li>\n<li>Infrastructure-as-Code scanning</li>\n\n\n<li>Integrate security controls and automated testing into CI/CD pipelines.</li>\n<li>Continuously improve security gates while maintaining developer productivity.</li>\n\n<h3><strong>Engineering Partnership &amp; Enablement</strong></h3>\n\n<li>Serve as the primary security partner to Engineering leadership.</li>\n<li>Drive security awareness and secure coding practices across development teams.</li>\n<li>Build scalable processes that enable engineers to identify and address security issues efficiently.</li>\n<li>Promote a culture of shared security ownership.</li>\n\n</div>"
    },
    {
      "text": "Minimum Qualifications ",
      "content": "<div>\n\n<li>7+ years of experience in Application Security, Product Security, or Security Engineering.</li>\n<li>Strong understanding of secure software development practices and modern application architectures.</li>\n<li>Experience performing threat modeling, security assessments, and code review activities.</li>\n<li>Hands-on experience with vulnerability management and remediation programs.</li>\n<li>Experience managing external penetration testing engagements.</li>\n<li>Deep familiarity with modern AppSec tooling and CI/CD security integration.</li>\n<li>Strong communication skills with the ability to influence engineering and product stakeholders.</li>\n\n</div>"
    },
    {
      "text": "Preferred Qualifications ",
      "content": "<div>\n\n<li>Experience leading or building AppSec programs in cloud-native environments.</li>\n<li>Knowledge of AWS, Azure, or GCP security best practices.</li>\n<li>Experience with DevSecOps methodologies and automation.</li>\n<li>Relevant security certifications such as CISSP, CSSLP, GWAPT, GWEB, or OSCP.</li>\n\n</div>"
    },
    {
      "text": "Success Metrics ",
      "content": "<p>Success in this role will be measured by:</p>\n\n<li>Reduction in critical and high-severity security vulnerabilities.</li>\n<li>Improved Mean Time to Remediation (MTTR).</li>\n<li>Increased developer adoption and engagement with security programs.</li>\n<li>Reduction in recurring security findings across products.</li>\n<li>Effectiveness and integrity of pull request security gates.</li>\n<li>Maturity and efficacy of security review pipelines.</li>\n<li>Successful integration of security requirements into engineering planning and delivery.</li>\n"
    }
  ],
  "country": "US",
  "createdAt": 1780586332361,
  "updatedAt": null,
  "categories": {
    "team": "Security and Trust",
    "location": "Miami",
    "commitment": "Full-Time",
    "department": "G&A",
    "allLocations": [
      "Miami"
    ]
  },
  "salaryRange": null,
  "workplaceType": "hybrid"
}