• Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters. • Comfortable and excited to lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security. • Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems. • Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it. • Provide subject matter expertise in the areas of secure coding, application authentication, encryption, AI, and quickly research and become competent in other areas as needed. • Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture. • Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions. • Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments. • Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful. • Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities. • Build and provide high-quality application security documentation and training to engineers to set them up for success. • Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training. • Mature and execute the Threat Modeling program with engineers. • Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings. • Assist with creating the reports for management regarding vulnerabilities, training, and other relevant metrics.