Manager, Security Engineering

Acquia empowers the world’s most ambitious brands to create digital customer experiences that matter. As the Manager of Security Engineering, you will lead a specialized team of security engineers focused on application security, cloud security, and AI system security across Acquia's product portfolio.

Responsibilities:

• Manage, mentor, and grow a dedicated team of security engineers
• Conduct continuous performance evaluations (quarterly and annually) to guide professional development and advocate for promotions
• Define and execute a forward-looking security engineering roadmap aligned with Product Engineering needs and broader business initiatives, including the secure enablement of AI technologies
• Translate high-level business direction into actionable quarterly deliverables for the team
• Establish and measure team success against the completion of quarterly goals and the continuous improvement of annual compliance audit results
• Champion shift-left security practices, including threat modeling, secure code review, and developer security training embedded in the software development lifecycle
• Own and scale application security tooling—SAST, DAST, and SCA platforms—to systematically surface and remediate vulnerabilities across product codebases
• Shift the security paradigm from manual operational cleanup to building automated solutions and guardrails that eliminate entire classes of vulnerabilities
• Lead 'research spikes' to proactively investigate cloud-native environments and identify systemic security gaps before they become incidents
• Ensure all security initiatives are rooted in clear findings and deliver exact, architectural fixes (code or configuration) to resolve them
• Define and enforce cloud security standards spanning IAM, API security, secrets management, and container workloads across AWS environments
• Define and enforce security standards for internal enterprise AI systems, including LLM-based agents, RAG pipelines, and AI-integrated workflows—covering risks such as prompt injection, data exfiltration, and privilege escalation
• Lead threat modeling for agentic AI systems where models have access to tools, APIs, or sensitive data
• Partner with AI/ML engineering teams to embed security review into AI development lifecycles, from model selection through deployment
• Evaluate and deploy AI-native security tooling to augment the team’s detection, triage, and remediation capacity
• Act as an internal consultant and advisory body to Product Engineering teams, guiding them on secure implementation practices
• Communicate complex, highly technical security risks effectively to non-technical project managers and stakeholders
• Influence and negotiate with software developers to prioritize and remediate vulnerabilities within their workflows
• Serve as the primary technical bridge between Product Engineering and Security Operations, providing guidance on cloud and Kubernetes security configurations

Requirements:

• Hands-on experience with SAST, DAST, and SCA tooling (e.g., Semgrep, Snyk, Veracode, or equivalents) and guiding engineering teams on remediation
• Deep understanding of securing cloud-native applications and services on AWS, including IAM, API Gateway, secrets management, and container workloads
• Working knowledge of OWASP LLM Top 10, agentic AI attack surfaces (tool abuse, prompt injection, memory poisoning), and security considerations for AI systems with external integrations
• Experience using AI-assisted security tools—such as AI-powered SAST, copilot-assisted code review, or agentic vulnerability triage—to scale team output
• Strong working knowledge of the technical implications of operating within strict compliance frameworks, including ISO/SOC, PCI, and FedRAMP
• Exceptional ability to translate highly technical concepts for non-technical stakeholders and the interpersonal skills required to influence engineering teams without direct reporting authority