Senior Manager – Application Security

About the Team

Reports to: Head of Product Security

The Senior Manager of Application Security leads a global team responsible for embedding security into Miro’s Software Development Lifecycle (SDLC)—from concept to code to customer impact. This team partners closely with product and engineering to proactively mitigate risk while accelerating developer velocity and innovation.The role focuses on enabling secure-by-default development through secure design support, automated tooling, vulnerability management, offensive testing, and developer engagement. It also plays a critical role in integrating security into Miro’s Discover, Define, Deliver product lifecycle and aligning with our AMPED Ways of Working (Analytics, Marketing, Product, Engineering, Design) and AMPED Operating Model.As Miro embraces AI-supported software development and explores Agentic AI workflows that empower engineers, product teams, and security teams alike, this role will contribute to adapting and securing those evolving working methods—ensuring that innovation and trust go hand in hand.

About the Role

As Senior Manager of Application Security, you will define and operationalize Miro’s application security strategy in alignment with our industry-leading software development lifecycle and AMPED framework. You will lead a multidisciplinary team of application security engineers and offensive security specialists who work directly with developers, product teams, and platform engineering across multiple regions.
You will embed security into all phases of the product lifecycle—from early discovery and architecture threat modeling, to design reviews and secure delivery pipelines, and ongoing monitoring and testing post-release. Your team will also support Miro’s AI-driven development tooling and guide secure adoption of Agentic AI workflows, which enable both developers and security teams to collaborate more efficiently and proactively.

The role requires a pragmatic, hands-on leader who thrives in fast-moving environments and has a deep understanding of both software engineering and security, as well as a passion for empowering teams to build securely and autonomously.

What you’ll do

• Lead and mentor a globally distributed team of security engineers focused on application security, offensive testing, secure architecture, and vulnerability remediation.
• Lead and coordinate the team's initiatives and help provide project management leadership to the team members.
• Coordinate cross function and cross stream initiatives and projects.
• Drive integration of security into Miro’s Discover, Define, Deliver lifecycle through the lens of the AMPED Ways of Working and Operating Model.
• Collaborate with Product, Engineering, and Design to ensure security is considered at the earliest stages of ideation—via threat modeling, risk reviews, and abuse-case analysis.Shape and evolve Miro’s Secure SDLC practices, integrating security seamlessly into CI/CD pipelines, infrastructure-as-code, and developer tooling.
• Oversee execution of bug bounty and third-party testing programs, ensuring vulnerabilities are triaged, communicated, and remediated effectively.
• Build and scale Miro’s Security Champions program to embed security ownership within each engineering team.
• Guide secure adoption of AI-augmented software development tools, including LLMs used for code generation, reviews, or architectural assistance.
• Help envision and safely operationalize Agentic AI-driven developer and security workflows, including policy-driven autonomous agents supporting security automation and decision-making.
• Provide structured guidance, patterns, and reference architectures that support developers in implementing secure, scalable, and privacy-respecting features.
• Define and report on KPIs and success metrics for secure development adoption, vulnerability resolution, and developer engagement.
• Collaborate with Privacy, Legal, and Compliance teams to ensure alignment with regulatory requirements (ISO 27001, SOC 2, GDPR, and emerging AI regulations).
• Foster a strong team culture based on collaboration, learning, and continuous improvement.

What you’ll need

• 10+ years of experience in software, application, or product security, including significant experience in secure software development.
• 3+ years of technical leadership or management experience in a security-focused role.
• Extensive experience with threat modeling methodologies (e.g., STRIDE, PASTA) and risk assessment, particularly within a SaaS or product-centric organization.
• Deep expertise in Secure Software Development Lifecycles (SSDLC), including integrating security into agile and custom development frameworks.
• Demonstrated experience running Security Champions programs and scaling developer engagement.
• Experience leading offensive security programs (penetration testing, red teaming, bug bounty).
• Practical understanding of governance and assurance frameworks such as ISO 27001, SOC 2, and OWASP SAMM.
• Familiarity with AI/LLM tooling (e.g., Cursor, GitHub Copilot, custom LLM integrations) and the associated security and governance considerations.
• Experience working with AWS and securing API-driven, microservice-based architectures.
• Ability to manage distributed teams and communicate effectively across technical and business stakeholders.

Who You Are (Skills & Attributes)

• Developer-Aligned: You understand the pace and pressure of modern software development and are committed to reducing friction while improving security posture.
• An Exceptional Communicator: You can articulate complex technical risks to non-technical stakeholders and translate business goals into security strategy for your team.
• A Natural Collaborator: You excel at building strong relationships and influencing cross-functional teams without direct authority.
• A Pragmatic Problem-Solver: You are skilled at identifying scalable, risk-based solutions and are comfortable navigating ambiguity in a fast-paced environment.
• Data-Driven: You use metrics and KPIs to measure the effectiveness of your programs and drive continuous improvement.
• A Passionate Mentor: You are dedicated to developing talent and empowering engineers and product managers to be security champions.

Why Join Miro’s Security Team?

As a member of Miro’s security leadership, you’ll help define how innovation and trust scale together. You’ll work across the AMPED operating model, empower developers through secure tooling, and support cutting-edge AI-driven and agentic workflows that redefine how software and teams are built. If you thrive on technical depth, cross-functional collaboration, and advancing the next era of secure software development, this role is for you.

What's in it for you

• Competitive equity package
• Medical insurance coverage
• Lunch, snacks and drinks provided in the office
• Wellbeing benefit and WFH equipment allowance
• Annual learning and development allowance to grow your skills and career
• Travel allowance for your commute
• Opportunity to work for a globally diverse team
• Inspiring workplace in the heart of Amsterdam or Berlin

#LI-JR1

About Miro

Miro is a visual workspace for innovation that enables distributed teams of any size to build the next big thing. The platform's infinite canvas enables teams to lead engaging workshops and meetings, design products, brainstorm ideas, and more. Miro, co-headquartered in San Francisco and Amsterdam, serves more than 90M users worldwide, including 99% of the Fortune 100. Miro was founded in 2011 and currently has more than 1,600 employees in 12 hubs around the world.

We are a team of dreamers. We look for individuals who dream big, work hard, and above all stay humble. Collaboration is at the heart of what we do and through our work together we hope to create a supportive, welcoming, and innovative environment. We strive to play as a team to win the world and create a better version of ourselves every day. If this sounds like something that excites you, we want to hear from you!

Check out more about life at Miro: 

• Youtube: https://www.youtube.com/@lifeatmiro
• Blog: https://miro.com/careers/life-at-miro/all/
• Instagram: https://www.instagram.com/mirohq/

At Miro, we strive to create and foster an environment of belonging and collaboration across cultural differences. Miro’s mission — Empower teams to create the next big thing — is how we think about our product, people, and culture. We believe that creating big things requires diverse and inclusive teams. Diversity invites all talent with different demography, identities and styles to step in, and inclusion invites them to step closer together. Every day, we are working to build a more diverse Miro, cultivate a sense of belonging for future and current Mironeers around the world, and foster an environment where everyone can collaborate and embrace differences.

Miro handles and uses personal data of job applicants in line with its Recruitment Privacy Policy found here.