Job Title: Application Security and DevSecOps Manager
Location: Utah (hybrid) or Remote
Job-Type: Full-Time
Salary Range: $165K – $180K + Annual Bonus
Referral Fee: $3,000
Position Overview:
The Identity & Infrastructure Security Manager is a hands-on leadership role focused on safeguarding … The Application Security & DevSecOps team leads the secure-by-design transformation of our software development and delivery ecosystem. This team safeguards critical systems and data by integrating application security, automation, and DevSecOps best practices across the SDLC. The team works closely with developers, architects, cloud engineers, and security operations to ensure all code and infrastructure changes meet our organization’s risk, compliance, and resilience expectations.
Duties & Responsibilities:
- Define and execute the Application Security & DevSecOps roadmap aligned with business and security goals.
- Lead and mentor a team of application security analysts, engineers, and automation specialists.
- Partner with senior engineering leadership to ensure alignment between security controls and developer productivity.
- Oversee code reviews, threat modeling, and secure architecture practices across projects.
- Maintain the vulnerability management process for internally developed and third-party applications.
- Lead efforts in secure coding education and champion security awareness in engineering teams.
- Integrate security tooling into CI/CD workflows (e.g., SAST, DAST, SCA, secrets detection).
- Implement scalable security-as-code and infrastructure-as-code practices to ensure enforcement at build-time.
- Collaborate on secure cloud deployments, container hardening, and secure release orchestration.
- Manage toolsets including Checkmarx, SonarQube, OWASP ZAP, Bitbucket, TeamCity, and others.
- Track metrics related to scan coverage, remediation SLAs, and policy adherence.
- Continuously evaluate emerging technologies that support application and DevOps security.
Required Experience & Skills:
- Bachelor’s degree, or equivalent experience, in Computer Science, Cybersecurity, Engineering, or a related field.
- 6+ years of experience in application security, DevSecOps, or secure software development.
- 2+ years of direct leadership or management experience in a security or DevOps team.
- Expertise in modern application development environments (.NET, Java, JavaScript, Python, etc.).
- Deep understanding of OWASP Top Ten, CWE, MITRE ATT&CK for Cloud, and SDLC models.
- Strong communication skills and experience working cross-functionally with engineering and risk leaders.
- Hands-on experience integrating SAST, DAST, SCA, and container security into CI/CD pipelines.
- Familiarity with Agile and modern DevOps tooling.
- Relevant certifications such as CSSLP, OSWE, GIAC-GWEB, or Azure DevOps Security.
Employment Eligibility: Gravity cannot transfer or sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).