Senior Security Engineering Manager

GlossGenius

$193k-$260k
Remote - United States

Summary

Join GlossGenius as its first security engineering leader to define and execute a scalable security strategy. You will lead a team of security engineers, collaborate with engineering and product teams, and ensure products are built with security and resilience. Responsibilities include leading and mentoring a team, defining and implementing a comprehensive security strategy, collaborating with product and engineering teams, overseeing security testing programs, managing security incident response, driving automation of security controls, ensuring compliance, acting as a key stakeholder, engaging with external auditors, and fostering a security-first culture. The role reports to the VP of Engineering and offers remote or hybrid work options. GlossGenius empowers small business owners with business management tools, and this role is crucial in ensuring the security of their platform.

Requirements

  • 6+ years of security or software engineering experience and 2+ years of people management experience
  • Deep understanding of security principles and best practices, and a proven track record of improving security with a bias for action in a fast-moving environment with lots of autonomy
  • Strong communication skills, both verbal and written, and proven ability to communicate complex security concepts to non-security partners
  • A strong business acumen and customer-centric mindset, backed by data analytics skills

Responsibilities

  • Lead, mentor, and grow a high-performing security engineering team (GRC, Detection & Response, Application Security), setting technical direction and priorities
  • Define and implement a comprehensive security strategy that aligns with organizational goals and integrates security best practices across the software and hardware development lifecycle
  • Collaborate with product and engineering teams to embed security-by-design principles, including threat modeling, secure architecture reviews, and risk assessments
  • Oversee security testing programs such as penetration testing, vulnerability assessments, and code reviews; drive remediation efforts
  • Manage security incident response and vulnerability management processes
  • Drive automation of security controls and integrate security tooling into CI/CD pipelines and DevSecOps workflows
  • Ensure compliance with relevant security standards and regulations (e.g., HIPAA, SOC2, PCI)
  • Act as a key stakeholder in program and project leadership, participating in risk management, change boards, and security governance
  • Engage with external auditors, clients, and vendors during security assessments and compliance audits
  • Foster a security-first culture by providing training, awareness, and guidance across the company

Preferred Qualifications

You may have technical depth in one domain (preferably application security), but have enough breadth to lead across multiple domains (detection & response, GRC, etc.), and can guide a team through designing a secure system.

Benefits

  • Flexible PTO
  • Competitive health & dental insurance options, with premiums partially or fully covered by GG
  • In-person opportunities that are designed to help team members foster collaboration and build community (i.e., working out of a co-working space, team dinners, and other team building activities)
  • Fertility and adoption benefits via Carrot
  • Generous, fully-paid parental leave policy
  • 401k benefit - employees are eligible to contribute starting day 1 of employment
  • Professional Development - employees receive a yearly stipend for approved learning and educational-related expenses
  • Pre-tax commuter benefits
  • Dependent Care FSA
  • Home office support
