• Application Deadline:
• Position: Manager: Application Security Engineering Lead



• Job Type Full Time



• Qualification BA/BSc/HND , MBA/MSc/MA



• Experience 8 - 12 years



• Location Lagos




• Job Field ICT / Computer 
  
  

Responsibilities

Security Strategy & Leadership

• Define and execute the application security roadmap, ensuring alignment with enterprise security strategy and compliance obligations.


• Champion secure-by-design and DevSecOps practices across backend, frontend, mobile, cloud, and integration teams.


• Partner with engineering, product, and security stakeholders to balance speed-to-market with security and compliance.


• Stay ahead of emerging threats, tools, and frameworks relevant to application security.

Secure SDLC & DevSecOps Enablement

• Embed security into every stage of the software development lifecycle (SDLC).


• Oversee deployment of application security testing tools (SAST, DAST, IAST, SCA) within CI/CD pipelines.


• Drive adoption of secure coding practices, threat modelling, and code reviews.


• Establish policies and playbooks for secure development and release management.

Governance, Risk & Compliance

• Ensure applications comply with regulatory and industry standards (e.g., PCI DSS, GDPR, POPIA, ISO 27001, SOC 2).


• Oversee secure design reviews, penetration testing, and vulnerability remediation.


• Govern API security, identity management, and encryption standards across platforms.


• Partner with enterprise GRC (Governance, Risk & Compliance) to manage audits and security certifications.

Leadership & People Development

• Lead and mentor application security engineers, DevSecOps specialists, and secure coding champions.


• Build organizational expertise in secure development, cloud-native security, and API security.


• Foster a culture of security-first engineering through training, awareness, and technical leadership.


• Develop career pathways and succession planning for security-focused engineering talent.

Stakeholder & Vendor Management

• Collaborate with DevOps, cloud, and software engineering leads to ensure security alignment across platforms.


• Partner with external vendors and consultants for pen testing, code audits, and security toolchains.


• Represent application security in architecture boards, risk committees, and executive forums.


• Manage vendor relationships for AppSec platforms, scanners, and monitoring tools.

Qualifications

Education & Certifications

• Bachelor’s degree in Computer Science, Software Engineering, Information Security, or related field (mandatory).


• Postgraduate qualification (MSc in Cybersecurity, MBA) – advantageous.


• Professional Certifications (preferred/required): CISSP, CISM, or CISA; CSSLP, GWAPT, or OSWE; AWS/Azure/GCP Security certifications, Kubernetes Security Specialist; SAFe Practitioner, Scrum Master (advantageous).

Experience

• 8–12 years’ experience in software or security engineering, with at least 3–5 years in an application security leadership role.


• Proven track record in embedding security into large-scale enterprise software delivery.


• Hands-on experience with secure coding, API security, cryptography, and OWASP Top 10.


• Experience implementing SAST, DAST, IAST, and SCA tools into CI/CD pipelines.


• Strong exposure to cloud-native architectures, microservices, and containerized environments.


• Experience managing security audits, regulatory compliance, and third-party risk assessments.

Core Skills & Competencies

• Deep expertise in application security frameworks, secure SDLC, and DevSecOps.


• Strong knowledge of threat modelling, risk assessment, and security design reviews.


• Leadership ability to build and mentor security-focused engineering teams.


• Excellent stakeholder engagement skills, with the ability to influence engineering and executive leadership.


• Strong analytical and problem-solving abilities with a proactive, prevention-first mindset.