Skip to content
BettermentBettermentNew York, NY

Sr. Engineering Manager, Application Security

Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.

210k – 250k
Hybrid7+ YOESecurity Engineering

About the role

Responsibilities

  • Oversee the development of paved roads, libraries, and guardrails that make it easier for developers to commit, test, build, deploy, and operate code securely by default.
  • Build and maintain the threat modeling, design review, and vulnerability management programs that protect customers, employees, and the business.
  • Drive the adoption of AI across AppSec operations to achieve scaled security workflows, creating leverage for senior engineers.
  • Lead and mentor engineers on Betterment’s senior-leaning AppSec squad.
  • Establish strong lines of communication with stakeholders across engineering, product, legal, compliance, and risk to understand and deeply support the needs of teams building products across all business lines.
  • Inspire and maintain a strong, equitable engineering culture founded on transparency, inclusivity, mentorship, and collaboration.
  • Continuously innovate and seek out ways to meet the near- and long-term strategic security needs of the organization.

Requirements

  • Expertise across the application security stack: secure SDLC, threat modeling, secure design review, code review, vulnerability management, and the cloud-native ecosystem (AWS, containers, Kubernetes, CI/CD).
  • Experience with hands-on managing, mentoring, and inspiring a team of talented security engineers, including senior engineers. Demonstrated success as a true player-coach is a must.
  • Experience establishing or scaling a Security Champions or distributed threat modeling program, with a focus on empowering engineering squads to own security outcomes and integrating these practices into the existing software development lifecycle.
  • Experience leading execution of large team initiatives and execution of smaller concurrent projects in partnership with senior engineers.
  • Familiarity with AI-assisted security tools and a curiosity for exploring how AI can enhance both security workflows and the security posture of the AI-powered features engineers are building.
  • A real passion for application security and for empowering developers to do the right thing easily.
  • Experience collaborating with other engineering teams, product managers, subject matter experts, and non-technical stakeholders such as legal, compliance, and risk.

Nice-to-Haves

  • Experience with AI-assisted security tools and workflows.

Skills

Application SecuritySecure SdlcThreat ModelingSecure Design ReviewVulnerability ManagementAWSKubernetesCI/CDContainersAi-Assisted Security Tools
Replit

Third Party Risk Management and Customer Trust Lead

ReplitFoster City, CA

Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.

210k – 270k
Hybrid8+ YOESecurity Engineering
Alembic

Lead Security Engineer

AlembicSan Francisco, CA

Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.

210k – 240k
On-site8+ YOESecurity Engineering
Replit

Senior Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.

210k – 265k
Hybrid4+ YOESecurity Engineering
Replit

Senior Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

210k – 265k
Hybrid4+ YOESecurity Engineering
Replit

Senior Software Engineer, Trust & Safety

ReplitFoster City, CA

Build and operate AI-powered abuse detection and response systems for a developer platform. Focus on LLM guardrails, fraud detection, and automated enforcement across millions of daily actions.

210k – 265k
Hybrid4+ YOESecurity Engineering