Qualia is a leading B2B real estate technology company that aims to simplify the home buying and selling process. They are seeking an Engineering Manager to lead the Application Security team, focusing on enhancing security through AI-assisted workflows and automating security processes.
Responsibilities:
- Lead and grow the Application Security team - coaching senior AppSec engineers, setting goals, and owning delivery against the security roadmap
- Build the automated pen-testing program. Stand up pipelines that run continuous, AI-assisted offensive testing against our services, APIs, and web properties - and turn the output into a triaged, actionable queue
- Scale triage with AI. Design the workflows and tooling that let the team handle 10x the volume of findings (bug bounty, scanner output, customer reports) without 10x the headcount
- Review engineering proposals. Sit at the front of the design process with engineering leaders across Core, Clear, Shield, Connect, and Atlas - reviewing RFCs and proposals, flagging risk early, and helping teams ship securely by default
- Run red-teaming exercises. Drive recurring red team engagements - both internal exercises and coordinated vendor work - and close the loop into detection, response, and product hardening
- Own the AppSec vision. Partner with the leadership team to set multi-quarter strategy across anomaly detection, threat modeling, and AI-augmented defense
- Fight fires when they happen. Lead incident response from the application security side, and be the person engineering trusts to make the call in the room
- Mentor and hire. Recruit strong AppSec engineers, mentor the ones you have, and build a team culture where people are pushed and supported in equal measure
Requirements:
- 5+ years as a security or full-stack engineer working on production systems, with 2+ years managing a security or platform engineering team
- Hands-on depth in application security: threat modeling, code review, and at least one offensive-security discipline (pen testing, red team)
- Track record of shipping automation that changed how a team worked - ideally including meaningful use of LLMs, agents, or ML in a security or engineering workflow
- Comfort operating across the full security lifecycle: prevention, detection, response, and recovery
- Strong written communication. You can write the design doc, the post-mortem, and the board-ready summary - and you can tell a product engineer why their proposal needs to change without shutting down the conversation
- Keen product sense and a bias toward measurable impact. You care whether the risk actually went down, not whether a ticket got closed
- Experience in fintech, real estate tech, or another regulated, high-liability domain preferred
- Background designing or operating anomaly-detection systems on production traffic, auth logs, or financial transactions
- Published research, CVEs, or conference talks in AppSec, offensive security, or AI security
- Familiarity with the evolving landscape of AI-enabled offense (prompt injection, model abuse, agent exploitation) and defense