synthesia - Application Security Engineering Manager
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• You're a Security Engineer first, who has grown into leadership. You're comfortable in the details and know when to roll up your sleeves, but you've also developed the organisational instincts to run a team effectively and the strategic clarity to own a function. • You're a strong communicator who can operate across audiences — from deeply technical discussions with staff engineers, to clear risk framing for leadership, to pragmatic negotiation with product and engineering partners. • You have a strong engineering background in application security, with hands-on experience in areas such as threat modelling, secure design review, (AI-)SAST/SCA tooling, vulnerability management, and/or security automation. • You are very comfortable with Python and JavaScript. You have experience with AWS and/or GCP from a cloud infrastructure perspective, and you know your way around GitHub Actions. • You have meaningful people management experience — you've hired, grown, and performance-managed security engineers, and you understand what good looks like at senior IC levels. • You've led or significantly contributed to an AppSec programme in a fast-growing SaaS or AI company, ideally one where the engineering organisation was scaling faster than the security team. • You have a genuine point of view on AI-native security engineering — how LLMs and agentic tools change the attack surface, and how to use them defensively. This space is central to what we're building and you need to be able to lead credibly within it. • You've worked in an environment with a mature engineering culture and understand how to embed security as a collaborative partner rather than a gate. • Experience with Kubernetes from an operational/security perspective. • Familiarity with any of the tools in our current stack: Semgrep, Wiz, CrowdStrike, HackerOne, Claude Code, Cursor, GitHub Actions, StepSecurity • Prior experience as a Staff or Principal security engineer before moving into management. • Focus on outcomes over Inputs and Plans • Make the journey fun • Default to simple • You can read more about this in this public Notion page - https://synthesia.notion.site/How-we-work-at-Synthesia-f794caa72f8446efb6be22b551ce0fa2 https://synthesia.notion.site/How-we-work-at-Synthesia-f794caa72f8446efb6be22b551ce0fa2
Responsibilities
• Lead, support, enable and grow the AppSec team — owning hiring, onboarding, performance, and career development for a team of Senior and Staff-level Security Engineers. Important to understand: we're not looking for someone to dictate the roadmap or daily activities of the team. What we need is someone to enable the team to do what needs doing and to give them the best possible environment to do it in. • Own the formalisation of AppSec strategy and roadmap, translating team input, business risk and engineering context into a clear, prioritised programme of work with measurable outcomes. • Be a credible technical partner to your team — able to engage substantively on threat models, security architecture, agentic tooling design, and risk decisions, and willing to get into the details when it matters. • Define and maintain the team's operating rhythm: OKRs, quarterly planning, cross-team coordination, and stakeholder communication up to leadership. • Act as a key interface between AppSec and the rest of the organisation and leadership — building relationships with business leadership, engineering leads, the Developer Platform team, Architecture Working Group, and partner functions like Legal and Moderation, to embed security into how Synthesia builds. • Participate in maintaining and evolving Synthesia's approach to AI-assisted development security, including how we secure our own use of agentic coding tools and how we assess the security of AI-generated code. • Own AppSec's relationship with the broader Security function, ensuring tight alignment between AppSec and other Infosec teams on shared risks, incidents, and cross-cutting initiatives. • Represent AppSec externally where relevant — with customers, auditors, and in the context of compliance programmes such as SOC2 and ISO42001.
Benefits
• Lead a small, senior team with high autonomy, and focus on creating leverage rather than running a ticket queue. • Work in a leading AI-company with high-growth and a very friendly culture. It’s a fun ride! • Build and ship AI-native / agentic security tooling end-to-end, from prototypes to production systems that materially change how engineering works. • Operate at the intersection of product, platform, and security architecture, with scope to shape how secure-by-default looks in a rapidly scaling AI company. • A flexible, remote friendly role based out of Europe or one of our hubs in London, Copenhagen, Munich, or Zurich. • 25 days of annual leave + public holidays in the country where you are based. • A generous referral scheme. • Work from home set up. • At Synthesia, you can work from anywhere (within reason) in the world for up to 60 days per year! • A huge opportunity for career growth as you’ll help shape a market-defining product.
No credit card. Takes 10 seconds.