Acrisure LLC
Overview
Application Security Manager at Acrisure. Job location: Grand Rapids, MI.

Responsibilities
Application Security Program Leadership:
- Own the vision, strategy, and roadmap for the Application Security program enterprise-wide.
- Build, mentor, and lead a team of AppSec engineers and specialists.
- Define program objectives, performance metrics, and KPIs to measure and report success.
- Advocate for application security at all levels of the organization, from developers to executives.

Partnership with Development Teams:
- Collaborate with software engineering teams to integrate security controls, best practices, and policies throughout the SDLC.
- Promote a "security by design" culture by coaching developers on secure coding practices.
- Support threat modeling, secure code reviews, and security architecture discussions.

Security Tooling and Integration:
- Implement, configure, and maintain application security tooling (SAST, DAST, SCA, IaC scanning, API security, container security).
- Integrate security checks into CI/CD pipelines using GitHub and other platforms.
- Evaluate emerging technologies and recommend tools that enhance automation and scalability.

Monitoring, Incident Response, and Metrics:
- Partner with SOC analysts to investigate application-layer alerts, incidents, and vulnerabilities.
- Track and report key security metrics, including vulnerability remediation timelines, pipeline coverage, and policy compliance.
- Provide executive reporting on AppSec maturity and risk reduction.

Requirements
- Proven ability to design, lead, and scale an enterprise application security program.
- Strong understanding of secure software development, OWASP Top 10, threat modeling, and vulnerability management.
- Experience partnering with development organizations to secure agile/DevOps pipelines.
- Hands-on familiarity with security tooling (SAST, DAST, SCA, IaC, container security) and integrating with source code management (GitHub/GitLab, etc.).
- Excellent communication, leadership, and stakeholder management skills.
- Ability to lead through influence and establish a strong security culture across multiple technology teams.

Education and Experience
- 5+ years of professional experience in information security with a focus on application security; 2+ years in a leadership role preferred.
- Previous experience as a developer or working closely with software development teams is strongly preferred.
- Certifications such as CSSLP, GWAPT, GWEB, OSWE, or other relevant industry credentials are a plus.
- Proven experience leading security initiatives at scale in enterprise environments, ideally within financial services or other highly regulated industries.
- Candidates should be comfortable with an on-site presence to support collaboration, team leadership, and cross-functional partnership.

Benefits and Perks
- Competitive compensation
- Flexible vacation policy, paid holidays, and paid sick time
- Medical, Dental, and Vision Insurance (employee-paid)
- Company-paid Short-Term and Long-Term Disability Insurance
- Company-paid Group Life insurance
- Company-paid EAP and Calm App subscription
- Employee-paid Pet Insurance and optional supplemental coverage
- Vested 401(k) with company match and financial wellness programs
- FSA, HSA and commuter benefits options
- Paid maternity leave, paid paternity leave, and fertility benefits
- Career growth and learning opportunities and more

Note: Enrollment waiting periods or eligibility criteria may apply to certain benefits. Offerings may vary by location or subsidiary.

Acrisure is committed to employing a diverse workforce and encourages applications from all qualified candidates. California residents can learn more about privacy practices for applicants at the Acrisure California Applicant Privacy Policy: www.Acrisure.com/privacy/caapplicant.