Manager, Application Security

OneStream Software
$130,000.00 - $172,000.00 (Range applies to US candidates only) + Benefits/Variable Comp/Equity - Range may vary based on experience.
life insurance, vision insurance, paid holidays, long term disability, 401(k), retirement plan
United States, Michigan, Birmingham
191 North Chester Street
Aug 08, 2025
Description

Location: Hybrid, Alpharetta, GA
Employment Type: Full-Time
Compensation: $130,000.00 - $172,000.00 (Range applies to US candidates only) + Benefits/Variable Comp/Equity - Range may vary based on experience.
Benefits Offered: Vision, Medical, Life, Dental, 401K

Summary

OneStream is seeking an Application Security Manager to lead its AppSec program within the Information Security team. This hands-on leadership role manages a team of Application Security Engineers and partners closely with development teams to embed security throughout the software development lifecycle (SDLC). The ideal candidate brings deep expertise in secure coding, threat modeling, and security testing tools (SAST, DAST), along with strong experience integrating security into CI/CD pipelines. They will define and evolve AppSec standards, conduct risk assessments, ensure alignment with frameworks like OWASP and NIST, and foster a culture of secure development across the organization.

Primary Duties and Responsibilities



  • Lead and manage OneStream's Application Security program, overseeing project delivery, AppSec roadmap development, and team performance.
  • Build and evolve the AppSec maturity model and strategy, aligning with organizational goals and future growth.
  • Supervise and mentor Application Security Engineers, providing technical guidance and career development.
  • Administer and enhance AppSec tools (e.g., SAST, DAST, SCA) and drive vulnerability remediation efforts.
  • Perform manual and automated application security testing, including code reviews, scanning, and penetration testing.
  • Partner with Development and Engineering teams to integrate security throughout the SDLC and CI/CD pipelines.
  • Define and enforce secure coding standards, AppSec policies, and threat modeling practices.
  • Assess and improve software supply chain security, including dependency and third-party library management.
  • Deliver secure development training to engineers and champion a culture of security-first development.
  • Collaborate with Compliance and GRC to ensure audit readiness and alignment with standards (e.g., SOC 2, ISO 27001).



Required Education and Experience



  • BSc/BA in Computer Science, Engineering, or relevant field.
  • 10-12 years of experience in application security, penetration testing, or development.
  • 5+ years leading Security teams, or experience in a similar Security leadership role.



Preferred Education and Experience



  • Strong background in IT systems analysis, implementation, and compliance.
  • Proficient in C#/.NET development and code review.
  • Experience with penetration testing, reverse engineering, and decompiling .NET libraries.
  • Solid understanding of IT infrastructure, networks, and security frameworks (SOC 2, FedRAMP).
  • Good knowledge of IT Compliance, policy development, and implementation.
  • Experience following an information technology budget.
  • Any industry recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Offensive Security Certified Professional (OSCP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), GIAC Penetration Tester (GPEN), etc.
  • Demonstrated leadership, communication, and organizational skills.



Knowledge, Skills, and Abilities



  • Highly organized with the ability to manage multiple priorities and projects efficiently.
  • Strong analytical and critical reasoning skills to assess complex situations and make informed decisions.
  • Self-motivated and proactive, demonstrating initiative as a self-starter.
  • Independent thinker who exercises sound judgment and good decision-making under pressure.
  • Agile and adaptable, able to think quickly and respond effectively in dynamic environments.
  • Skilled at evaluating options by weighing pros and cons to determine the best course of action.
  • Proven ability to multitask and balance competing demands effectively.
  • Excellent prioritization skills to focus on high-impact tasks and deadlines.
  • Comfortable and effective in communicating with stakeholders at all organizational levels.
  • Experience with OneStream Software not required, but experience with any financial consolidation package is a plus.



Supervisory Responsibilities

This role is responsible for managing, coaching, and leading a team of Security Engineers specializing in application security.

Travel

Regular travel is not expected for this position.

Who We Are

OneStream is how today's Finance teams can go beyond just reporting on the past and Take Finance Further by steering the business to the future. It's the only enterprise finance platform that unifies financial and operational data, embeds AI for better decisions and productivity, and empowers the CFO to become a critical driver of business strategy and execution. Our vision is to be the operating system for modern finance, digitizing core financial functions and empowering the CFO to become a critical driver of business strategy. To learn more visit www.onestream.com.

Why Join The OneStream Team



  • Transparency around corporate structure, salary, and benefits
  • Core value of customer success
  • Variety of project work (not industry-specific)
  • Strong culture and camaraderie
  • Multiple training opportunities



Benefits at OneStream
OneStream employees are passionate, hardworking individuals who go above and beyond to keep our customers happy and follow through on our mission statement. They consistently deliver the best and, in turn, we make every effort to keep them cared for and happy. A sample of the benefits we provide:



  • Excellent Medical Plan
  • Dental & Vision Insurance
  • Life Insurance
  • Short & Long Term Disability
  • Vacation Time
  • Paid Holidays
  • Professional Development
  • Retirement Plan



All candidates must be legally authorized to work for any company in the country where this position is located without sponsorship.

OneStream is an Equal Opportunity Employer.

Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities

This employer is required to notify all applicants of their rights pursuant to federal employment laws.
For further information, please review the Know Your Rights notice from the Department of Labor.