Application Security Capability Leads should possess strong experience in application security and actively contribute to the development and maturity of the application security practice. This includes hands-on expertise across application security domains, supporting practice growth, enabling go-to-market initiatives, and contributing to thought leadership and best practices within the practice.

Key Responsibilities

1. Practice Development:

· Develop and execute strategic plans for the application security practice

· Develop/enhance service capabilities in the areas of application security including application security assessments, threat modelling, vulnerability scanning, penetration testing, and code reviews to identify and mitigate potential security issues.

· Develop service offerings, pricing strategies, and sales collateral

• Oversee security assessments programs (DAST/SAST/SCA) and application security audits
• Collaborate with sales teams, pre-sales teams and other internal and external stakeholders to proactively position application security services to customers.
• Establish solution/service center of excellence (CoE) through collaboration with vendors and partners including startups
• Stay updated on the latest security threats, trends, and technologies to provide advisory to customers.

2. Delivery and Operations:

• Govern application security delivery
• Manage application security CoEs to
• Stay up-to-date with emerging threats, technologies, and application exploit techniques

3. Go-to-Market:

• Collaborate with sales teams to develop and execute go-to-market strategies
• Develop and deliver thought leadership content (e.g., blog posts, white papers, webinars, conference talks)
• Build relationships with key clients, partners, and industry influencers

4. Leadership:

• Lead and mentor a team of security professionals, including managers and individual contributors
• Foster a culture of innovation, collaboration, and continuous learning

Qualifications & Experience:

• 15+ years of experience in application security, with 8+ years in leadership roles
• Proven track record of building and managing successful security practices
• Strong knowledge of penetration testing, red teaming, purple teaming, breach attack simulation, and ethical hacking
• Experience with practice development, go-to-market strategies, and sales enablement
• Excellent leadership, communication, and interpersonal skills
• Industry-recognized security certifications (e.g., OSCP, CEH, CISSP, CISA, CISM)