Remote Engineering Manager, Application Security

Job Description

Company: Qualia

Location: Phoenix, US

At Qualia, we’ve built the leading B2B real estate technology that transforms the home buying and selling experience into a simple, secure, and enjoyable process. Our SMB and Enterprise products bring together users from across the real estate ecosystem—homebuyers and sellers, lenders, title and escrow agents, and real estate agents—onto a single shared digital closing platform, providing greater clarity and transparency to real estate transactions. Today, through our business customers across the country, millions of consumers use Qualia to close on homes every year. WHAT YOU’LL WORK ON We are hiring an entrepreneurial Engineering Manager to lead Qualia’s Application Security team. This is a builder’s role. You won’t just run a team – you’ll redesign how a modern AppSec function operates when AI can do the first pass on nearly everything we used to do by hand. The team today owns secure design reviews, vulnerability triage, internal penetration testing, incident response support, and security tooling across a JavaScript/NodeJS and Kubernetes stack. Your mandate is to scale that surface area vertically – growing output and coverage per engineer – by making AI-assisted workflows the default. That means automated pen testing pipelines, AI-driven triage of findings from SAST/DAST/SCA, agentic review of engineering proposals and design docs, and continuous red-teaming exercises that test both our systems and our assumptions. You’ll partner closely with Platform, Infra, and product engineering leaders to embed security earlier in the development lifecycle, and you’ll be the team’s voice when we set the security vision for the next two years – including anomaly detection across production traffic, model-driven threat hunting, and how we defend against (and responsibly use) AI-enabled attackers. Securing that platform – the money, the identities, and the documents flowing through it – is what the Application Security team does every day. We’re hiring an Engineering Manager to lead this team into its next chapter: one where AI is a force multiplier for every part of our security program. RESPONSIBILITIES – – Lead and grow the Application Security team – coaching senior AppSec engineers, setting goals, and owning delivery against the security roadmap – Build the automated pen-testing program. Stand up pipelines that run continuous, AI-assisted offensive testing against our services, APIs, and web properties – and turn the output into a triaged, actionable queue – Scale triage with AI. Design the workflows and tooling that let the team handle 10x the volume of findings (bug bounty, scanner output, customer reports) without 10x the headcount – Review engineering proposals. Sit at the front of the design process with engineering leaders across Core, Clear, Shield, Connect, and Atlas – reviewing RFCs and proposals, flagging risk early, and helping teams ship securely by default – Run red-teaming exercises. Drive recurring red team engagements – both internal exercises and coordinated vendor work – and close the loop into detection, response, and product hardening – Own the AppSec vision. Partner with the leadership team to set multi-quarter strategy across anomaly detection, threat modeling, and AI-augmented defense – Fight fires when they happen. Lead incident response from the application security side, and be the person engineering trusts to make the call in the room – Mentor and hire. Recruit strong AppSec engineers, mentor the ones you have, and build a team culture where people are pushed and supported in equal measure YOUR BACKGROUND THAT LIKELY MAKES YOU A MATCH – – 5+ years as a security or full-stack engineer working on production systems, with 2+ years managing a security or platform engineering team – Hands-on depth in application security: threat modeling, code review, and at least one offensive-security discipline (pen testing, red team) – Track record of shipping automation that changed how a team worked – ideally including meaningful use of LLMs, agents, or ML in a security or engineering workflow – Comfort operating across the full security lifecycle: prevention, detection, response, and recovery – Strong written communication. You can write the design doc, the post-mortem, and the board-ready summary – and you can tell a product engineer why their proposal needs to change without shutting down the conversation – Keen product sense and a bias toward measurable impact. You care whether the risk actually went down, not whether a ticket got closed – Experience in fintech, real estate tech, or another regulated, high-liability domain preferred

Source: Trabajo.org