Application Security Team Lead

  • Full-time

Company Description

SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald's, rely on SmartRecruiters to build winning teams. In 2025, SmartRecruiters joined SAP, the global leader in enterprise applications. Together, SmartRecruiters and SAP are accelerating the reinvention of hiring by combining cutting-edge AI innovation with the scale, reach, and resources of SAP’s ecosystem.

At SmartRecruiters, we are a values-driven, globally focused tech company with strong financial backing and a bold vision for the future of work. We commit and dig deep, embracing challenges with grit, curiosity, and a drive for excellence. We foster a collaborative and inclusive work environment, where trust and determination bring us together. Because together, we will win.

Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive. Our remote-friendly culture, competitive salaries, and strong internal mobility ensure that high performers have meaningful growth opportunities in an environment built on respect and empowerment.

Job Description

We are looking for an Application Security Team Lead to own and drive our application security program while leading a small, high-performing team of security engineers. This is a hands-on leadership role: you will be as comfortable conducting penetration tests and threat models as you are setting team direction, mentoring engineers, and partnering with stakeholders across the organization.

You will be responsible for the strategy, execution, and continuous improvement of application security across our products, APIs, and AI-powered services. You will lead a team of 2 to 4 security engineers, helping them grow while ensuring the team delivers measurable impact on the organization's security posture.

If you thrive at the intersection of deep technical work and people leadership, and want to shape how security is done rather than just do it, this role is for you.

What You'll Do:

Team Leadership & Program Ownership

  • Lead, mentor, and develop a team of 2 to 4 Application Security Engineers, fostering a culture of ownership, collaboration, and continuous learning.
  • Define and execute the application security roadmap, aligning priorities with business goals, risk landscape, and engineering capacity.
  • Own security program metrics and reporting: track coverage, mean time to remediate, tooling effectiveness, and team performance, and communicate progress to leadership.
  • Manage team workload, balance reactive and proactive security work, and ensure sustainable delivery across all program areas.
  • Conduct regular 1:1s, provide career development guidance, and support hiring efforts as the team grows.
  • Represent the application security function in cross-functional discussions with engineering leadership, product, and platform teams.

Hands-On Application Security

  • Conduct internal penetration testing of web applications, APIs, and microservices, and coordinate and manage external penetration test engagements end-to-end.
  • Perform threat modeling, security design reviews, and architecture assessments for new and existing services.
  • Carry out manual and automated secure code reviews, identifying vulnerabilities and providing actionable remediation guidance.
  • Execute security testing across multiple disciplines including SAST, DAST, IAST, SCA, and manual testing techniques.
  • Lead response to critical and high-severity security findings, driving rapid remediation in collaboration with engineering teams.

Vulnerability Management & Bug Bounty

  • Own the vulnerability management lifecycle: define processes, set SLAs, and ensure findings move from discovery through remediation and verification.
  • Oversee and operate the bug bounty program: manage researcher relationships, triage submissions, validate findings, and drive internal fixes.
  • Prioritize security findings based on impact, exploitability, and business context, ensuring the team focuses on the highest-value work.
  • Investigate and respond to security bugs reported through internal and external channels.

Security Tooling, Automation & CI/CD Integration

  • Define the tooling strategy for the application security program: evaluate, implement, and optimize tools to maximize coverage and minimize friction.
  • Ensure security controls are deeply integrated into CI/CD pipelines and developer workflows, shifting security left without slowing delivery.
  • Manage, tune, and optimize the security tooling stack including GitHub Advanced Security, CodeQL, Checkmarx, SonarCloud, Black Duck, Contrast Security, and Tenable.
  • Continuously improve tooling coverage, reduce false positives, and ensure findings are routed effectively through Jira for tracking and resolution.

AI & Emerging Technology Security

  • Assess the security posture of AI-powered features, LLM integrations, chatbots, and agentic AI workflows.
  • Identify and mitigate risks specific to AI systems including prompt injection, data leakage, model misuse, and insecure AI-generated code (vibe coding).
  • Conduct and oversee security assessments and penetration testing of AI/ML-powered applications and services.
  • Define the team's approach to securing AI adoption across engineering, establishing guardrails and best practices.

Threat Intelligence & Supply Chain Security

  • Monitor and analyze threat intelligence related to dependency risks and software supply chain attacks.
  • Leverage SCA tooling and threat feeds to proactively identify vulnerable or malicious components before they reach production.
  • Keep the team and broader engineering organization informed about the evolving application-layer threat landscape.

Standards, Culture & Enablement

  • Define and maintain secure coding standards aligned with OWASP Web Top 10, OWASP API Security Top 10, OWASP Mobile Top 10, and OWASP AI Security guidelines.
  • Build and scale security enablement programs: training, documentation, security champions initiatives, and self-service resources for developers.
  • Partner with engineering teams to continuously raise the security bar through hands-on support and trusted advisory relationships.

Qualifications

  • Significant professional experience in Application Security, Product Security, or Secure Software Development, with a demonstrated track record of leading or mentoring security engineers.
  • Proven ability to lead a small team: set priorities, delegate effectively, develop people, and deliver results through others while staying technically hands-on.
  • Deep understanding of common vulnerability classes (injection, broken access control, cryptographic failures, SSRF, etc.) and secure design principles.
  • Strong hands-on experience with penetration testing of web applications, APIs, and modern cloud-native architectures.
  • Solid knowledge of authentication, authorization, cryptography, and API security patterns.
  • Experience building or maturing an application security program: defining processes, tooling strategy, and metrics.
  • Experience with security testing methodologies and tools across SAST, DAST, IAST, and SCA.
  • Familiarity with microservices architectures and cloud environments, particularly AWS.
  • Excellent communication skills: able to articulate technical risks to engineers, translate security priorities for leadership, and build trust across teams.

Nice to Have

  • Experience managing or operating a bug bounty program.
  • Hands-on experience with tools from our stack: GitHub Advanced Security, CodeQL, Checkmarx, SonarCloud, Black Duck, Contrast Security, or Tenable.
  • Experience assessing AI/ML systems for security risks, including LLM-specific attack vectors.
  • Familiarity with OWASP frameworks beyond the Top 10 (ASVS, SAMM, AI Security & Privacy Guide).
  • Background in software engineering or development, with the ability to read and review code across multiple languages.
  • Experience building security champions programs or developer security enablement initiatives.
  • Relevant certifications such as OSCP, OSWE, GWAPT, CISSP, or similar.
  • Experience with threat intelligence platforms or supply chain security tooling.

Additional Information

SmartRecruiters is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.