The Company:
Marigold is a fast-growing marketing technology company helping growing businesses build stronger customer relationships through its three core platforms: Emma, Campaign Monitor, and Vuture. We deliver powerful tools for email, SMS, and marketing automation that elevate engagement and drive real results. Marigold is headquartered in Nashville, Tennessee with offices in Sydney and London.

The Role:
The Manager, Application Security is responsible for ensuring Marigold’s applications are designed, developed, and maintained with strong security controls throughout the software development lifecycle. This role leads application security efforts across global product lines, partners closely with engineering teams, and ensures security risks are proactively identified, prioritized, and remediated.

Reporting directly to the Chief Information Security Officer (CISO), this role combines people leadership, hands-on technical expertise, and strategic influence to strengthen Marigold’s application security posture at scale.

What You’ll Do:

• Lead and develop a small team responsible for identifying, assessing, and remediating application security risks across products and container-based infrastructure.

• Embed secure design and secure coding practices across global development teams throughout the SDLC and CI/CD pipelines.

• Partner closely with engineering, product, and infrastructure teams to prioritize security findings, vulnerabilities, and remediation efforts.

• Oversee application security testing activities including SAST, DAST, IAST, threat modeling, and manual code reviews.

• Monitor emerging threats and vulnerabilities, triage reported issues, assess risk, and communicate mitigation strategies clearly to stakeholders.

• Drive automation and continuous improvement of application security controls, metrics, and security-as-code initiatives.

About You:
You’re a hands-on security leader who enjoys working closely with engineering teams and translating complex security concepts into practical, scalable solutions. You balance technical depth with strong communication skills and are energized by mentoring others while improving security outcomes across the organization.

Ideal Qualifications:

• Demonstrated experience leading or mentoring application security engineers or acting as a technical lead in a security-focused role.

• Strong background in application security, secure software development practices, and vulnerability management across the SDLC.

• Hands-on experience with application security testing methodologies and tools (SAST, DAST, IAST, threat modeling).

• Deep understanding of web application security risks, including those outlined in the OWASP Top 10.

• Experience collaborating closely with software development teams in modern DevSecOps and cloud-based environments.

Nice to Have:

• Experience with containerized and cloud-native environments (Docker, Kubernetes, AWS native security services).

• Familiarity with compliance frameworks such as ISO 27001, SOC II, HITRUST, NIST, or CIS Controls.

• Experience with security tooling such as Veracode, Snyk, Checkmarx, BlackDuck, Tenable.io, Cloudflare, Jira, or Confluence.

Location Eligibility

This position is eligible for hire in the following US states: Arizona, California, Florida, Georgia, Michigan, New York, North Carolina, Tennessee, Texas, and Virginia.

Compensation & Benefits

Compensation:
The base salary range for this role is $$130,000 - $150,000 annually.

The compensation range represents the pay the Company reasonably expects to offer for this position. Actual compensation will be determined based on factors such as skills, experience, qualifications, internal equity, geographic location, and applicable law.

Benefits:

• Competitive benefits including: medical/dental/vision insurance, life/accident/disabilities insurance, supplemental health benefits, FSA, EAP and pet insurance

• Generous time off (we call it Open Time Away) as well as paid holidays and a birthday benefit day off.

• Paid Volunteer Time

• 401k plan with a company match on your contributions.

• Employee-centric and supportive remote work environment with flexibility.

• Support for life events including paid parental leave.