Edtech.com's Summary

Pearson is hiring an Application Security Manager to lead and enhance its global Application Security program, focusing on technical enablement and automation in cloud-native environments. The role involves collaborating with engineering, DevOps, and product teams to integrate security into CI/CD pipelines and support AI-driven technology adoption.

Highlights

Lead design and implementation of application security strategy emphasizing automation and cloud-native security.
Manage application security team and align local goals with global security objectives.
Drive adoption of AppSec tools such as SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning.
Develop automation pipelines for real-time vulnerability detection and remediation in the software development lifecycle.
Lead and mentor Developer Security Champions to foster a security-first culture.
Collaborate with DevOps and SRE teams to secure scalable cloud infrastructure and deployment models.
Translate security requirements into practical tools, architecture, and coding best practices.
Support security measures related to AI/ML development and responsible AI use.
Require 7+ years in application security, software engineering, or DevSecOps with development experience in Java and JavaScript.
Experience with cloud platforms (AWS, Azure, GCP), Infrastructure as Code, container security, OWASP Top 10, and secure design patterns.

Application Security Manager (Technical Lead) Full Description

At Pearson, we are the world’s learning company with over 24,000 employees across 70 countries. Our mission is to combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalised learning at scale. We believe that wherever learning flourishes, so do people.

In this exciting and fast-paced role, you will lead the design, implementation, and continuous improvement of Pearson’s global Application Security program, with a strong focus on technical enablement and automation. As an Application Security Manager, you’ll operate at the intersection of security engineering, DevSecOps, and cloud-native development, helping secure a diverse portfolio of hundreds of applications built across AWS, Azure, and GCP.

You’ll work closely with engineering, DevOps, SRE, and product teams to embed security into every stage of our CI/CD pipelines, ensuring that security is scalable, automated, and aligned with Pearson’s rapid adoption of AI-driven technologies.

What You'll Do:

Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development.
Manage the local application security team and align them with the broader goals of the global Application Security organization.
Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture.
Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models.
Translate security requirements into actionable tooling, architecture, and secure coding practices.
Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software.
Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring:

Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps.
Solid development background — ideally in Java and JavaScript.
Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection).
Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles.
Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM).
Experience supporting and securing modern application architectures including containers and microservices.
Familiarity with OWASP Top 10, threat modeling, and secure design patterns.
Exceptional communication and cross-functional collaboration skills; you’re comfortable working across Dev, Ops, and Security organizations.
Experience mentoring or managing a team and running security champion initiatives is a big plus.
Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.

Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.

Job: Security

Job Family: TECHNOLOGY

Original Job Description

What You'll Do:

Design and lead our technical application security strategy, focusing on automation, cloud-native security, and secure software development.
Manage the local application security team and align them with the broader goals of the global Application Security organization.
Drive adoption and integration of SAST, DAST, SCA, IaC security, container scanning, RASP, and secret scanning tools.
Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
Lead the Developer Security Champion program, engaging and mentoring engineers across the business to create a security-first culture.
Collaborate with DevOps and SRE teams to design secure, scalable cloud infrastructure and application deployment models.
Translate security requirements into actionable tooling, architecture, and secure coding practices.
Support security initiatives related to AI/ML-driven development, model security, and responsible use of AI in software.
Continuously evolve AppSec KPIs and metrics to track risk, compliance, and team effectiveness.

What You Bring:

Significant hands-on experience (7+ years) in application security, software engineering, or DevSecOps.
Solid development background — ideally in Java and JavaScript.
Proven experience implementing and managing AppSec tooling (SAST, DAST, SCA, IaC, RASP, secrets detection).
Deep knowledge of cloud environments (Azure, AWS, GCP) and cloud-native security principles.
Strong background in building and securing infrastructure using Infrastructure as Code (e.g., Terraform, ARM).
Experience supporting and securing modern application architectures including containers and microservices.
Familiarity with OWASP Top 10, threat modeling, and secure design patterns.
Exceptional communication and cross-functional collaboration skills; you’re comfortable working across Dev, Ops, and Security organizations.
Experience mentoring or managing a team and running security champion initiatives is a big plus.
Industry certifications (e.g., OSWE, GSSP, CISSP, CSSLP) are desirable.

Job: Security

Job Family: TECHNOLOGY

Let me find your next job.

Thanks - you're signed up.

Application Security Manager (Technical Lead)

Edtech.com's Summary

Application Security Manager (Technical Lead) Full Description

Application Security Manager (Technical Lead)

Senior Information Security Engineer 2

Senior Information Security Engineer 2

Senior Information Security Engineer 2

Information System Security Officer