Senior Product Manager, Appsec

capitalonecareers.ca

McLean, VA, USA
Capital One is seeking a Senior Product Manager for Application Security to lead the strategy and vision for AppSec scanning tools that enhance developer experience while maintaining security. The ideal candidate will have significant experience in cybersecurity and application security, focusing on building relationships with engineering teams and ensuring a robust security posture.

Job Summary

  • Drive strategy for AppSec scanning tools with a shift-left mindset to improve developer experience.
  • Own the multi-year product roadmap for Application Security ensuring alignment with enterprise risk appetites and the evolving threat landscape.
  • Establish the governance model for vulnerability disposition (SAST/DAST/OffSec), ensuring clear SLAs, audit trails, and exception workflows that don't hinder velocity.

Salary

McLean, VA: $229,900 - $262,400; New York, NY: $250,800 - $286,200; Plano, TX: $209,000 - $238,500; Richmond, VA: $209,000 - $238,500; Bonus/Equity: Performance based incentive compensation; Benefits: Comprehensive, competitive, and inclusive set of health, financial and other benefits

Skills & Requirements

Must-have

  • Application Security scanning tools
  • Shift-left security mindset
  • Developer experience improvement
  • Product strategy and roadmap
  • AI-application security integration

Nice-to-have

  • Customer obsession
  • Strategic mindset
  • Technical credibility
  • Product rigor
  • Stakeholder management

Key Requirements

  • At least 6 years of experience in cybersecurity or information technology
  • At least 3 years of experience translating cybersecurity strategy and analysis into product requirements
  • At least 3 years of application security experience
  • 4+ years in Application or Product Security or Software Engineering with an emphasis on AppSec and vulnerability management strategy
  • 4+ years of experience managing AppSec products in a large-scale enterprise
  • 2+ years of experience defining standards for AI-augmented development and ethical AI usage
  • 2+ years of experience working in cloud-native environments
  • Knowledge of OWASP Top 10 and software supply chain security
  • Experience with automated DAST and manual Penetration Testing

Work Rights

Not specified
