Responsibilities
Kforce is seeking a dynamic and experienced Senior Manager of Application Security to lead a high-performing team of application security engineers in Atlanta, GA. This role is critical to the security and integrity of Kforce's global suite of custom-built and third-party applications. The Senior Manager of Application Security will be responsible for ensuring secure development practices, overseeing dynamic application testing, managing web application firewalls, and establishing modern security standards for APIs and software development across the enterprise.
Summary: As a hands-on leader, you will embed security throughout the software development lifecycle and partner closely with engineering teams to align security initiatives with business and technical goals. You will lead the charge in protecting Kforce's platforms from evolving threats, safeguarding both enterprise and customer-facing solutions. This role reports directly to the Director of Cybersecurity Software Engineering.
Key Responsibilities:
- Lead and mentor a team of application security engineers focused on identifying and mitigating vulnerabilities across internal and external applications
- Develop and enforce secure coding practices and risk-based controls integrated into development workflows and DevSecOps pipelines
- Oversee the configuration, tuning, and management of Web Application Firewalls (WAF) protecting public-facing web assets
- Direct manual and automated application security testing efforts, including oversight of third-party penetration testing providers
- Manage the responsible disclosure process, coordinating communication with external researchers to validate and remediate vulnerabilities
- Collaborate with cross-functional teams, ensuring security policies and procedures are effectively applied across platforms and services
- Participate in cybersecurity incident response activities and post-mortem reviews to enhance detection and prevention capabilities
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or a related field (or equivalent experience)
- 8+ years of professional experience, with at least 6 years in cybersecurity and 3 years in a formal leadership capacity
- Strong hands-on expertise in secure software development, static and dynamic code analysis, WAF management, and API security
- Proficiency in Python, with additional experience in languages such as Java, JavaScript (React/Node), C#, Go, or PHP
- Proven experience building and implementing secure coding standards and influencing architectural decisions across engineering teams
- Strong communication and collaboration skills, with the ability to clearly explain complex security topics to technical and executive stakeholders
- Demonstrated ability to lead teams, manage priorities, and deliver in fast-paced enterprise environments
Preferred Qualifications
- Industry certifications, including CISSP, CISM, CEH, OSCP, and AWS/Azure certifications, are a plus
- Experience securing applications in large-scale, multi-cloud environments (AWS, Azure, or GCP)
- Familiarity with the AWS Well-Architected Framework and secure cloud architecture design
- In-depth knowledge of IAM, cryptography, secrets management, OAuth, SAML, and modern access control protocols
- Experience with Agile, DevSecOps practices, and containerized deployments (e.g., Kubernetes, ECS, EKS, Lambda)
- Hands-on knowledge of network security concepts and security technologies like firewalls, edge services, and DMZ architectures
- Exposure to regulated industries (e.g., finance, healthcare, telecommunications, defense) and compliance frameworks such as NIST, ISO 27001, GDPR, FFIEC, or GLBA
- Background in consulting (Big Four) or large-scale enterprise environments is highly desirable
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.