Application Security Manager

About Oddity Tech

Oddity Tech is a fast-growing, publicly traded technology company valued at over $3 billion. As a pioneer in the intersection of beauty, data, and technology, Oddity leverages AI and machine learning to transform consumer experiences. With a culture of innovation and agility, we’re expanding rapidly.

This position will report directly to the V.P. of Information Security.

Role Overview

We are seeking an Application Security Manager who will take full ownership of

securing our platform from design through deployment and beyond. This role

combines hands-on engineering, security analysis, and proactive risk

management to ensure that our applications are robust against evolving threats

while working with our engineering teams.

This individual must be familiar with our platforms, architecture, and user

experience. Understanding how the platform is used, its technical

implementation, and the broader business context is crucial to identifying

security risks, prioritizing mitigations, and building secure-by-default systems.

Key Responsibilities

Secure Application Development & Architecture

• Collaborate with product managers and engineers early in the design process to integrate security by design.
• Push security updates and system upgrades.
• Conduct threat modeling based on a detailed understanding of product features and workflows.
• Review architectural decisions for potential security trade-offs.
• Constant verification of our codebases.
• Implement a Secure Software Development Lifecycle (SSDLC) - embedding security controls, testing, and validation into every stage of development.

Testing & Incident Readiness

• Coordinate penetration testing (manual and automated) with a focus on high-risk, high-value product features.
• Lead and support incident response activities related to application-layer breaches.
• Develop playbooks and response procedures tailored to how our product is built and used.

Monitoring, Analysis & Reporting

• Develop dashboards and metrics to continuously monitor application security posture.
• Analyze vulnerability trends with respect to feature adoption and usage to drive proactive mitigation.

Security Awareness & Enablement

• Champion secure coding practices through documentation, internal training, and knowledge sharing.
• Collaborate with product, design, and support teams to balance user experience and security controls.

Required Skills & Experience

• Responsibility of the highest order.
• Leadership skills and ability to influence teammates and cross-functional teams in a fast-paced environment.
• Solid experience in both security engineering and security operations/analysis within a modern software development environment.
• Deep understanding of web and mobile application architectures, APIs, and authentication flows.
• Familiarity with DevSecOps practices, common attack vectors (OWASP Top 10, SSRF, RCE, etc.), and cloud-native environments.
• Proven ability to connect technical security concerns to product features and business risks.
• Hands-on experience with tools such as Palo Alto, Wiz, GitHub Security, etc.
• Strong collaboration and communication skills — able to work cross-functionally with engineering, product, legal, and compliance teams.
• High degree of independence and ownership in driving security initiatives.

Preferred Qualifications

• Experience securing SaaS platforms or feature-rich consumer applications.
• Ability to articulate and translate security trade-offs in product decisions.
• Passion for usability and secure design - not just locking things down, but making security intuitive and integral to product quality.