Manager/Principal Cyber Security Engineering

Manager of Application Security

Position Description

As the Manager (or Principal since this is a very technical leadership role) of Application Security, you will lead a team of skilled security professionals dedicated to protecting Sabre’s applications and data. In conjunction with the security architecture team, you will drive the strategy and execution of application security initiatives and continuous automation, ensuring robust protection against evolving threats and reduction of developer toil. This role requires expertise in application security and developing secure software solutions, and a leadership mindset that values a happy, healthy, and high-performing innovative team culture—where fun and focus go hand in hand.

Role and Responsibilities:

• Report to the Director of Application Security, Vulnerability Management, and SOAR.
• Collaborate with your leader and security architects to understand, establish and execute the application security strategy.
• Lead, mentor, and develop a team of application security engineers and analysts.
• Foster a culture of continuous improvement, knowledge sharing, and professional development within the team.
• Lead application security practices, including SAST/DAST/SCA scanning, onboarding, and support (e.g., Veracode or similar tools), and vulnerability management.
• Oversee manual and automated application penetration testing, vulnerability assessments, and remediation efforts across the SDLC and CI/CD pipelines.
• Own the application security roadmap, set team goals, and track key performance indicators (KPIs) for security posture improvement.
• Participate in security incident response, audit remediation, and application-based access control reviews.
• Lead or participate in threat modeling sessions for new applications and features.
• Integrate security checks into CI/CD workflows (e.g., secrets scanning, dependency checks, container scanning).
• Collaborate with developers and DevOps to implement secure build and deployment practices and drive adoption of automated security tools.
• Ensure that security gates do not hinder velocity but maintain compliance.
• Establish and maintain application security standards, baselines, and processes (e.g., Sabre internal policy/standards, OWASP, SANS, CERT, NIST).
• Provide subject matter expertise in secure coding, application architecture reviews, and threat modeling.
• Maintain audit readiness and documentation for application environments.
• Coordinate with global outsourcers and vendors to ensure consistent security practices and effective risk management.
• Maintain comprehensive documentation of security processes, findings, and best practices.
• Communicate security risks, strategies, and progress to executive leadership and stakeholders.

Qualifications and Education Requirements:

• Bachelor’s degree in Computer Science, Information Security, or related field.
• 7+ years of experience in application security, software engineering, including 1+ years in a leadership role.
• Strong background in software development and secure coding practices
• Experience coding in at least some of the following languages… Java, .Net, C#, C++, Golang, PHP, Ruby, other scripting languages.
• Some proficiency with SAST/DAST/SCA tools (e.g., Veracode), application inventory management, and security frameworks.
• Some hands-on experience with manual penetration testing, vulnerability assessment, and remediation.
• Experience working with global outsourcers and managing third-party security engagements.
• Excellent written and verbal communication skills; ability to present complex security topics to technical and non-technical audiences.
• Demonstrated ability to manage multiple projects, prioritize tasks, and drive results.

Nice to Have Qualifications:

• Experience with machine learning/AI for security automation and anomaly detection.
• Experience with cloud security, automation tools, and CI/CD pipeline integration.
• Experience with tools like Terraform, Ansible, Jenkins, GitHub Actions, GitDocs
• Experience with SNOW, RSA Archer.
• Knowledge of distributed architecture, high-availability systems, and capacity planning.
• Advanced degree (MS, MBA) or additional leadership training.
• Relevant certifications: Certified Ethical Hacker (CEH), OSCP, CISSP, GWAPT, GSSP, CASE, CSSLP, CCSP.