<h1><u><b>Who We Are</b></u></h1>Join a team that puts its People First! Since 1889, First American (NYSE: FAF) has held an unwavering belief in its people. They are passionate about what they do, and we are equally passionate about fostering an environment where all feel welcome, supported, and empowered to be innovative and reach their full potential. Our inclusive, people-first culture has earned our company numerous accolades, including being named to the Fortune 100 Best Companies to Work For® list for eleven consecutive years. We have also earned awards as a best place to work for women, diversity and LGBTQ+ employees, and have been included on more than 50 regional best places to work lists. First American will always strive to be a great place to work, for all. For more information, please visit <span style="overflow-wrap: break-word; display: inline; text-decoration: inherit; hyphens: auto;">www.careers.firstam.com.</span><p style="text-align:inherit"></p><p style="text-align:inherit"></p><h1><u><b>What We Do</b></u></h1>We are open to remote or hybrid candidates for this role.<br><br>Be part of a transformative team that is shaping the way First American builds and delivers world-class technology products that fuel the real estate industry. We are looking for the best-of-the-best technology experts that will envision, design, build, and deliver innovative solutions that provide exceptional experiences and lasting value to our customers. <br><br>First American is seeking Senior Manager, Application Security candidates to grow our team. This person will bring a strong blend of security engineering expertise and people leadership, with a proven ability to build and scale enterprise application security programs. As a Senior Manager, Application Security, you will lead efforts to embed security into the software development lifecycle, partner closely with engineering teams, and drive a secure-by-design culture across the organization while enabling high-velocity product delivery.<p style="text-align:inherit"></p><p style="text-align:inherit"></p><div><p><b><span>What<span> </span></span><span>You’ll</span><span><span> </span>Do:</span></b><span><span> </span></span><br><span> </span></p></div><div><ul><li><p><span><span>Define, build, and evolve the enterprise Application Security (AppSec) strategy and roadmap aligned to business priorities and risk posture</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Own and scale the AppSec program, including secure SDLC standards, policies, and governance across all applications and platforms</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Partner with engineering and platform teams to integrate security into CI/CD pipelines, tooling, and developer workflows</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Drive threat modeling, security architecture reviews, and vulnerability management to<span> </span></span><span>identify</span><span><span> </span>and mitigate application-layer risks</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Evaluate, implement, and<span> </span></span><span>optimize</span><span><span> </span>AppSec tooling (SAST, DAST, SCA, API security, container security) and automate security processes at scale</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Build, mentor, and lead a high-performing team of application security engineers and specialists</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Collaborate with Engineering, Product, Cloud, Infrastructure, and GRC teams to embed security into product design and delivery</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Establish and track key security metrics to measure program effectiveness and communicate risk posture to leadership</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Ensure applications meet security, regulatory, and audit requirements while supporting internal and external assessments</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Promote a developer-centric security culture through education, training, and security best practice adoption</span></span><span> </span></p></li></ul></div><div><p><span> </span></p></div><div><p><span> </span></p></div><div><p><b><span>What<span> </span></span><span>You’ll</span><span><span> </span>Bring:</span></b><span> </span></p></div><div><p><span> </span></p></div><div><ul><li><p><span><span>8+ years of experience in application security, security engineering, or related cybersecurity roles</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>3+ years of experience leading or managing teams in a security or engineering organization</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Strong<span> </span></span><span>expertise</span><span><span> </span>in secure application development, including secure coding, threat modeling, and SDLC integration</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Deep understanding of modern application architectures (microservices, APIs, cloud-native, distributed systems)</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Experience implementing<span> </span></span><span>DevSecOps</span><span><span> </span>practices and integrating security into CI/CD pipelines</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Hands-on experience with application security tools (SAST, DAST, SCA, container security, API security)</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Demonstrated ability to assess and prioritize risk, and drive remediation across engineering teams</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Strong cross-functional communication and stakeholder management skills</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Proven ability to influence engineering teams and drive adoption of security practices</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Bachelor's degree in computer science, Information Security, or related field (or equivalent experience)</span></span><span><span> </span></span><br><span> </span></p></li></ul></div><div><p><b><span>Ideally,<span> </span></span><span>You’ll</span><span><span> </span>Also Have Experience With:</span></b><span> </span></p></div><div><p><span> </span></p></div><div><ul><li><p><span><span>Operating in a regulated environment (financial services, fintech, or similar)</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Cloud platforms (AWS, Azure, or GCP) and cloud security best practices</span></span><span> </span></p></li></ul></div><div><ul><li><p><span><span>Zero Trust architecture and modern identity/security models</span></span><span> </span></p></li></ul></div><p style="text-align:inherit"></p><p style="text-align:inherit"></p>Pay Range: $148,600.00 - $198,200.00 Annually<p> </p>This hiring range is a reasonable estimate of the base pay range for this position at the time of posting. Pay is based on a number of factors which may include job-related knowledge, skills, experience, business requirements and geographic location.<p> </p><div><div><div><div><div><div><div><p style="text-align:left"><b><span>** Note that the following statements only apply to candidates who will be working from an unincorporated area within Los Angeles County. **</span></b></p></div></div></div></div></div></div></div><p style="text-align:left">First American will consider for employment all qualified applicants, including those with arrest or conviction records, in a manner consistent with the requirements of applicable state and local laws (e.g., the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act).</p><p style="text-align:left">First American intends to conduct a review of an applicant’s criminal history in connection with a conditional offer. First American reasonably believes that a criminal history may have a direct, adverse and negative relationship with the following material job duties for this position potentially resulting in the withdrawal of the conditional offer of employment: handling of confidential, proprietary or trade secret information belonging to First American or its customers, administrating or facilitating financial transactions, and the ability to meet customer-imposed criminal history requirements.</p><p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p><h1><b><u>What We Offer</u></b></h1>By choice, we don’t simply accept individuality – we embrace it, we support it, and we thrive on it! Our People First culture is inclusive for all employees - not just because it's the right thing to do, but because it's the key to our success. We are proud to foster an authentic and inclusive workplace For All. You are free and encouraged to bring your entire, unique self to work. First American is an equal opportunity employer in every sense of the term.<p style="text-align:inherit"></p><p style="text-align:inherit"></p><p style="text-align:inherit"></p>Based on eligibility, First American offers a comprehensive benefits package including medical, dental, vision, 401k, PTO/paid sick leave and other great benefits like an employee stock purchase plan.