Security Engineering Manager

Overview:
Corporate Tools is looking for a Security Engineering Manager who eats vulnerabilities for breakfast and leads with curiosity, code, and caffeine. This isn't a sit-back-and-schedule-meetings kind of role-you'll be in the trenches with your team, squashing bugs (the dangerous kind), locking down systems, and making sure our software is built like a digital fortress. You'll champion secure coding, make threat modeling feel less like paperwork and more like detective work, and still have time to help your team grow into confident, capable engineers who know their way around both code and conversation.
Your focus will be on leading initiatives and driving the team on our Core Systems, requiring a mix of deep expertise and a willingness to jump into different areas across the organization, doing whatever it takes to get the job done.
Wage:
Up to $185,000/ Year
Benefits:

• 100% employer-paid medical, dental and vision for employees
• Annual review with raise option
• 22 days Paid Time Off accrued annually, and 4 holidays
  • After 3 years, PTO increases to 29 days. Employees transition to flexible time off after 5 years with the company-not accrued, not capped, take time off when you want
  • The 4 holidays are: New Year's Day, Fourth of July, Thanksgiving, and Christmas Day
• Paid Parental Leave
• Up to 6% company matching 401(k) with no vesting period
• Quarterly allowance
  • Use to make your remote work set up more comfortable, for continuing education classes, a plant for your desk, coffee for your coworker, a massage for yourself... really, whatever
• Open concept office with friendly coworkers
• Creative environment where you can make a difference
• No dumb benefits like free dog walking on the weekends that snobby hipster places have to make you feel cool, but mathematically won't cost the company much money because you won't use it
• Trail Mix Bar --- oh yeah

Responsibilities:

• Lead 6 security engineers across three specialized teams: Red (offense), Blue (defense), and Orange (compliance).
• Own the security strategy and execution for offensive testing, defensive monitoring, and compliance work - ensuring all three disciplines are aligned.
• Act as the technical anchor for the teams: review code, guide exploits, drive secure architecture decisions, and mentor engineers.
• Partner with product and engineering leads to embed security into development (threat modeling, secure coding, CI/CD guardrails).
• Build internal security tools and automation that make it easier for product teams to ship securely.
• Oversee red team engagements and turn findings into actionable fixes, not just reports.
• Manage defensive capabilities - incident response, detection engineering, monitoring - and continually improve them.
• Ensure compliance frameworks (SOC2, ISO, PCI, etc.) are met without slowing innovation or creating unnecessary bureaucracy.
• Set a high technical bar: coach, mentor, and challenge engineers to pursue elegant, practical security solutions.
• Balance being a builder and a leader: stay hands‑on enough to earn respect from hackers, but prioritize leading and scaling the team's impact.

Requirements:

• BS in Computer Science or equivalent experience.
• 5+ years building and securing software - hands‑on experience with web frameworks (Rails, Django, Node, etc.) and modern architectures.
• Proven application security expertise: secure SDLC, OWASP, threat modeling, exploit mitigation, and vulnerability remediation.
• Experience leading security or engineering teams - setting strategy, running scrums, conducting reviews, and mentoring talent.
• Strong knowledge of cloud environments (AWS, Azure, GCP) and securing databases (SQL/NoSQL) in production.
• Exposure to offensive and defensive security practices - red team, blue team, or incident response experience a plus.
• Ability to communicate risk and solutions to execs, engineers, and auditors - respected by hackers and trusted by leadership.
• Pragmatic mindset: knows when to enable speed, when to block, and how to automate guardrails to keep teams fast and safe.