Senior Manager, Application Security (Remote)
Job Description
Who We Are
Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eleven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit www.careers.firstam.com.What We Do
We are open to remote or hybrid candidates for this role.Be part of a transformative team that is shaping the way First American builds and delivers world-class technology products that fuel the real estate industry. We are looking for the best-of-the-best technology experts that will envision, design, build, and deliver innovative solutions that provide exceptional experiences and lasting value to our customers.
First American is seeking Senior Manager, Application Security candidates to grow our team. This person will bring a strong blend of security engineering expertise and people leadership, with a proven ability to build and scale enterprise application security programs. As a Senior Manager, Application Security, you will lead efforts to embed security into the software development lifecycle, partner closely with engineering teams, and drive a secure-by-design culture across the organization while enabling high-velocity product delivery.
What You’ll Do:
Define, build, and evolve the enterprise Application Security (AppSec) strategy and roadmap aligned to business priorities and risk posture
Own and scale the AppSec program, including secure SDLC standards, policies, and governance across all applications and platforms
Partner with engineering and platform teams to integrate security into CI/CD pipelines, tooling, and developer workflows
Drive threat modeling, security architecture reviews, and vulnerability management to identify and mitigate application-layer risks
Evaluate, implement, and optimize AppSec tooling (SAST, DAST, SCA, API security, container security) and automate security processes at scale
Build, mentor, and lead a high-performing team of application security engineers and specialists
Collaborate with Engineering, Product, Cloud, Infrastructure, and GRC teams to embed security into product design and delivery
Establish and track key security metrics to measure program effectiveness and communicate risk posture to leadership
Ensure applications meet security, regulatory, and audit requirements while supporting internal and external assessments
Promote a developer-centric security culture through education, training, and security best practice adoption
What You’ll Bring:
8+ years of experience in application security, security engineering, or related cybersecurity roles
3+ years of experience leading or managing teams in a security or engineering organization
Strong expertise in secure application development, including secure coding, threat modeling, and SDLC integration
Deep understanding of modern application architectures (microservices, APIs, cloud-native, distributed systems)
Experience implementing DevSecOps practices and integrating security into CI/CD pipelines
Hands-on experience with application security tools (SAST, DAST, SCA, container security, API security)
Demonstrated ability to assess and prioritize risk, and drive remediation across engineering teams
Strong cross-functional communication and stakeholder management skills
Proven ability to influence engineering teams and drive adoption of security practices
Bachelor's degree in computer science, Information Security, or related field (or equivalent experience)
Ideally, You’ll Also Have Experience With:
Operating in a regulated environment (financial services, fintech, or similar)
Cloud platforms (AWS, Azure, or GCP) and cloud security best practices
Zero Trust architecture and modern identity/security models
This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.
** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **
First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).
First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.