Edtech.com's Summary

Pearson is hiring an Application Security Manager to lead the design, implementation, and continuous improvement of its global application security program. The role involves integrating security practices into CI/CD pipelines, managing a local security team, and driving automation and cloud-native security across multiple cloud platforms.

Highlights

Lead technical application security strategy focusing on automation and secure software development.
Manage and align local application security team with Pearson's global security goals.
Drive adoption of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
Build automation pipelines for real-time vulnerability detection and remediation.
Lead Developer Security Champion program to promote a security-first culture.
Collaborate with DevOps and SRE teams on secure cloud infrastructure design (AWS, Azure, GCP).
Translate security requirements into tooling, architecture, and secure coding practices.
Support security initiatives related to AI/ML-driven development and responsible AI use.
Require 7+ years in application security or DevSecOps with solid Java and JavaScript development experience.
Experience with cloud-native security, infrastructure as code (Terraform, ARM), containers, microservices, and industry certifications such as OSWE, GSSP, CISSP, or CSSLP preferred.

Application Security Manager (Technical Lead) Full Description

At Pearson, we are the world’s learning company with over 24,000 employees across 70 countries. Our mission is to combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalised learning at scale. We believe that wherever learning flourishes, so do people.

In this exciting and fast-paced role, you will lead the design, implementation, and continuous improvement of Pearson’s global Application Security program, with a strong focus on technical enablement and automation. As an Application Security Manager, you’ll operate at the intersection of security engineering, DevSecOps, and cloud-native development, helping secure a diverse portfolio of hundreds of applications built across AWS, Azure, and GCP.

You’ll work closely with engineering, DevOps, SRE, and product teams to embed security into every stage of our CI/CD pipelines, ensuring that security is scalable, automated, and aligned with Pearson’s rapid adoption of AI-driven technologies.

What You'll Do:

Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development.
Manage the local application security team and align them with the broader goals of the global Application Security organization.
Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture.
Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models.
Translate security requirements into actionable tooling, architecture, and secure coding practices.
Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software.
Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring:

Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps.
Solid development background — ideally in Java and JavaScript.
Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection).
Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles.
Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM).
Experience supporting and securing modern application architectures including containers and microservices.
Familiarity with OWASP Top 10, threat modeling, and secure design patterns.
Exceptional communication and cross-functional collaboration skills; you’re comfortable working across Dev, Ops, and Security organizations.
Experience mentoring or managing a team and running security champion initiatives is a big plus.
Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.

Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.

Job: Security

Job Family: TECHNOLOGY

Original Job Description

What You'll Do:

Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development.
Manage the local application security team and align them with the broader goals of the global Application Security organization.
Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture.
Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models.
Translate security requirements into actionable tooling, architecture, and secure coding practices.
Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software.
Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring:

Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps.
Solid development background — ideally in Java and JavaScript.
Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection).
Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles.
Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM).
Experience supporting and securing modern application architectures including containers and microservices.
Familiarity with OWASP Top 10, threat modeling, and secure design patterns.
Exceptional communication and cross-functional collaboration skills; you’re comfortable working across Dev, Ops, and Security organizations.
Experience mentoring or managing a team and running security champion initiatives is a big plus.
Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.

Job: Security

Job Family: TECHNOLOGY

Let me find your next job.

Thanks - you're signed up.

Application Security Manager (Technical Lead)

Edtech.com's Summary

Application Security Manager (Technical Lead) Full Description

Application Security Manager (Technical Lead)

Senior Information Security Engineer 2

Senior Information Security Engineer 2

Senior Information Security Engineer 2

Information System Security Officer