Jeavio - Security Engineering Manager

Job Description : Jeavio is a technology services company that specializes in providing innovative solutions to businesses. We work at the intersection of technology and business, helping organizations leverage cutting-edge tools, including AI, to drive growth and efficiency.You will build and lead a small, high-impact team; embed security thinking into every phase of the SDLC; and serve as a trusted advisor to engineering leads, engineering managers, and customers as we scale our AI-assisted development practices and deepen our commitments to HIPAA, SOC 2, PCI-DSS, and ISO 27001 compliance. This is a hands-on management role - you will write policies and threat models, run audits, and keep your own technical skills sharp, while also coaching and growing your team.Key Responsibilities : Secure Development Practice & Standards : - Define, document, and enforce a company-wide Secure Software Development Lifecycle (SSDLC) aligned to OWASP, NIST, and similar cloud-native security frameworks.- Develop and maintain security policies, coding standards, and guardrails tailored to healthcare (HIPAA), financial (PCI-DSS), SOC 2, and ISO 27001 requirements.- Drive threat modelling, security architecture reviews, and design-level risk assessments for new projects and major feature releases.- Champion security-by-design across cloud-native (AWS, Azure, GCP) environments - including IaC, container security, API security, and secrets management.AI-Assisted Development Security : - Establish guidelines and controls for the secure use of AI coding assistants (GitHub Copilot, Claude Code, Cursor etc.) across engineering teams, covering data leakage, IP exposure, and code quality risks.- Assess and mitigate security risks specific to LLM-integrated products built for customers - including (but not limited to) prompt injection, model abuse, and insecure output handling (OWASP LLM Top 10).- Stay ahead of the rapidly evolving AI security threat landscape and translate findings into actionable team guidance.Testing, Audits & Assurance : - Own the application security testing programme : SAST, DAST, SCA, penetration testing, and red team exercises - both for internal tooling and customer deliverables.- Conduct and coordinate security audits and readiness assessments against SOC 2, ISO 27001, PCI-DSS, and HIPAA controls.- Manage vulnerability disclosure and triage processes; define SLAs for remediation and track them to closure.- Produce clear, executive-ready security reports for internal leadership and customer stakeholders.Team Leadership & Culture : - Hire, mentor, and develop a team of 25 security engineers and analysts; set clear goals and foster a culture of continuous learning.- Design and deliver security awareness and secure coding training programmes for the broader engineering organisation.- Partner with engineering managers and engineering leads to embed security reviews and checkpoints into project delivery workflows.- Act as the primary point of contact for security-related customer inquiries, audits, and due diligence requests.Required Qualifications : - 8+ years of experience in application security, software security engineering, or a closely related field, with at least 2 years in a team lead or management capacity.- Deep hands-on expertise in application security testing tools and techniques : SAST (e.g. Semgrep, Checkmarx), DAST (e.g. OWASP ZAP, Burp Suite), SCA, and penetration testing.- Proven experience designing and implementing SDLCs and security programmes within a software services or product engineering environment.- Strong working knowledge of cloud-native security across AWS, Azure, and/or GCP - including IAM, network security, container/Kubernetes security, and secure IaC (Terraform, CDK).- Practical experience with HIPAA, PCI-DSS, SOC 2, and ISO 27001 frameworks - not just awareness, but hands-on involvement in audits or certifications.- Solid grasp of secure coding principles across modern stacks (web, API, mobile) and the ability to conduct meaningful code reviews.- Excellent written and verbal communication skills; able to translate technical risk into business impact for non-technical audiences.Preferred Qualifications : - Relevant certifications such as CISSP, CISM, OSCP, CEH, AWS Security Specialty, or CCSP.- Experience securing AI/ML pipelines and LLM-powered applications; familiarity with OWASP LLM Top 10 and MITRE ATLAS.- Background working in a software development services / consulting environment, managing security across multiple simultaneous customer engagements.- Exposure to DevSecOps toolchains - CI/CD pipeline security gates, secrets scanning, container image scanning, and policy-as-code.- Familiarity with security frameworks beyond compliance : MITRE ATT&CK, NIST CSF, CIS Benchmarks. (ref:hirist.tech)